PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
+Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PHP 7.4 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.33"
+
+
+ All PHP 8.0 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.25"
+
+
+ All PHP 8.1 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.1.12"
+
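Review bot: the three resolution atoms ('>=dev-lang/php-7.4.33', '>=dev-lang/php-8.0.25', '>=dev-lang/php-8.1.12') carry no slot, so the 7.4 atom is also satisfied by any 8.x version and the command does not keep a 7.4 user on the 7.4 branch. The PostgreSQL entries in this same change pin each branch with a slot suffix ('>=dev-db/postgresql-10.22:10'); if dev-lang/php is slotted per branch, use the same form for each PHP atom.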
+ PostgreSQL is an open source object-relational database management system.
+Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All PostgreSQL 10.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.22:10"
+
+
+ All PostgreSQL 11.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.17:11"
+
+
+ All PostgreSQL 12.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.12:12"
+
+
+ All PostgreSQL 13.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.8:13"
+
+
+ All PostgreSQL 14.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.5:14"
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Thunderbird binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.5.0"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.5.0"
+
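Review bot: the impact line ('Please review the referenced CVE identifiers for details.') only repeats the description, so nothing in this entry tells a reader how urgent the update is. A one-sentence summary of the worst-case impact among the referenced CVEs would let users prioritise without opening each identifier.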
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Mozilla Firefox ESR binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.5.0"
+
+
+ All Mozilla Firefox ESR users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-102.5.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-107.0"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-107.0"
+
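Review bot: the ESR atoms ('>=www-client/firefox-bin-102.5.0' and '>=www-client/firefox-102.5.0') are also matched by 107.0, so the ESR instructions and the non-ESR instructions can resolve to the same version and nothing in the atom keeps an ESR user on the 102.x branch. Add a slot or an upper bound to the ESR atoms, in the way the PostgreSQL entries pin their branches with ':10', ':11' and so on.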
+ sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools.
+On 32 bit systems, an integer overflow can be triggered when displaying activity data files.
+Arbitrary code execution can be achieved via sufficiently crafted malicious input.
+There is no known workaround at this time.
+All sysstat users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.7.1"
+
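Review bot: the impact line says 'sufficiently crafted malicious input' while the description has already named the vector as 'displaying activity data files'. Say 'a crafted activity data file' in the impact as well, so it is clear that exposure requires a user to display a file from an untrusted source. The description should also read '32-bit systems'.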
+ sudo allows a system administrator to give users the ability to run commands as other users.
+In certain password input handling, sudo incorrectly assumes the password input is at least nine bytes in size, leading to a heap buffer overread.
+In the worst case, the heap buffer overread can result in the denial of service of the sudo process.
+There is no known workaround at this time.
+All sudo users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12-r1"
+
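Review bot: 'In certain password input handling' in the description does not say which configurations reach the nine-byte assumption, so a reader cannot tell whether their setup is exposed. Name the affected input path or authentication method, or state that every configuration is affected.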
+ xterm is a terminal emulator for the X Window system.
+xterm does not correctly handle control characters related to OSC 50 font ops sequence handling.
+The vulnerability allows text written to the terminal to write text to the terminal's command line. If the terminal's shell is zsh running with vi line editing mode, text written to the terminal can also trigger the execution of arbitrary commands via writing ^G to the terminal.
+As a workaround, users can disable xterm's usage of OSC 50 sequences by adding the following to the XResources configuration: + +XTerm*allowFontOps: false
+All xterm users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/xterm-375"
+
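Review bot: the impact sentence 'allows text written to the terminal to write text to the terminal's command line' is circular and hides the point, which is that output displayed in xterm can be injected into the shell's command line as if it had been typed. Reword it along those lines. In the workaround, 'the XResources configuration' should name where the setting goes (the user's X resources file), and the 'XTerm*allowFontOps: false' line should be set apart from the sentence.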
+ The friendly PIL fork.
+Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Pillow users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pillow-9.3.0"
+
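Review bot: the background line 'The friendly PIL fork.' is a fragment that never names the package or says what it does. Something like 'Pillow is the friendly PIL fork, a Python imaging library.' would match the full-sentence backgrounds used by the other entries in this change.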
+ Ghostscript is an interpreter for the PostScript language and for PDF.
+Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All GPL Ghostscript users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.56.1"
+
+
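Review bot: the background calls the package 'Ghostscript' while the description and resolution say 'GPL Ghostscript' and the atom is 'app-text/ghostscript-gpl'. Use one name throughout so it is clear that the same package is meant.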