The GUI module and platform plugins for the Qt5 framework.
+It was discovered that Qt GUI’s XBM parser did not properly handle X + BitMap files. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Qt GUI users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.14.2-r1"
+
+ RTSP server library based on GStreamer.
+It was discovered that GStreamer RTSP Server did not properly handle + authentication. +
+A remote attacker, by sending specially crafted authentication requests, + could possibly cause a Denial of Service condition. +
+There is no known workaround at this time.
+All GStreamer RTSP Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=media-libs/gst-rtsp-server-1.16.2"
+
+
+ File Roller is an archive manager for the GNOME desktop environment.
+It was discovered that GNOME File Roller incorrectly handled symlinks.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GNOME File Roller users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/file-roller-3.36.3"
+
+ A database access module for the Perl programming language.
+Multiple vulnerabilities have been discovered in the Perl module DBI. + Please review the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Perl DBI module users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-perl/DBI-1.643.0"
+
+ GNOME Shell provides core user interface functions for the GNOME 3 + desktop, like switching to windows and launching applications. +
+It was discovered that GNOME Shell incorrectly handled the login screen + password dialog. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GNOME Shell users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=gnome-base/gnome-shell-3.34.5-r1"
+
+ Nextcloud Desktop Sync client can synchronize one or more directories to + Nextcloud server. +
+Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync + client. Please review the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Nextcloud Desktop Sync client users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/nextcloud-client-2.6.5"
+
+
+ PHP is an open source general-purpose scripting language that is + especially suited for web development. +
+It was discovered that PHP did not properly handle PHAR files.
+A remote attacker could entice a user to open a specially crafted PHAR + file using PHP, possibly allowing attacker to obtain sensitive + information or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All PHP 7.2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.33"
+
+
+ All PHP 7.3 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.21"
+
+
+ All PHP 7.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.9"
+
+ ProFTPD is an advanced and very configurable FTP server.
+It was found that ProFTPD did not properly handle invalid SCP commands.
+An authenticated remote attacker could issue invalid SCP commands, + possibly resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All ProFTPD users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.7a"
+
+ Looks like an embeddable networking library but acts like a concurrency + framework. +
+It was discovered that ZeroMQ does not properly handle connecting peers + before a handshake is completed. +
+An unauthenticated remote attacker able to connect to a ZeroMQ endpoint, + even with CURVE encryption/authentication enabled, can cause a Denial of + Service condition. +
+There is no known workaround at this time.
+All ZeroMQ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.3"
+
+