libssh is a multiplatform C library implementing the SSHv2 protocol on + client and server side. +
+It was discovered that libssh incorrectly handled certain scp commands.
+A remote attacker could trick a victim into using a specially crafted + scp command, possibly resulting in the execution of arbitrary commands on + the server. +
+There is no known workaround at this time.
+All libssh users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.9.3"
+
+
+ libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +
+Multiple vulnerabilities have been discovered in libarchive. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted + archive file possibly resulting in the execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All libarchive users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.4.2"
+
+
+ A command line tool and library for transferring data with URLs.
+Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could possibly execute arbitrary code with the + privileges of the process or cause a Denial of Service condition. +
+There is no known workaround at this time.
+All cURL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.66.0"
+
+
+ Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +
+Multiple vulnerabilities have been discovered in Git. Please review the + CVE identifiers referenced below for details. +
+An attacker could possibly overwrite arbitrary paths, execute arbitrary + code, and overwrite files in the .git directory. +
+There is no known workaround at this time.
+All Git 2.21.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.21.1"
+
+
+ All Git 2.23.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.1-r1"
+
+
+ All Git 2.24.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.1"
+
+
+ gdb is the GNU project’s debugger, facilitating the analysis and + debugging of applications. The BFD library provides a uniform method of + accessing a variety of object file formats. +
+It was discovered that gdb didn’t properly validate the ELF section + sizes from input file. +
+A remote attacker could entice a user to open a specially crafted ELF + binary using gdb, possibly resulting in information disclosure or a + Denial of Service condition. +
+There is no known workaround at this time.
+All gdb users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/gdb-9.1"
+
+
+ Libgcrypt is a general purpose cryptographic library derived out of + GnuPG. +
+A timing attack was found in the way ECCDSA was implemented in + Libgcrypt. +
+A local man-in-the-middle attacker, during signature generation, could + possibly recover the private key. +
+There is no known workaround at this time.
+All Libgcrypt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.8.5"
+
+
+ A well-groomed and well-maintained collection of GStreamer plug-ins and + elements, spanning the range of possible types of elements one would want + to write for GStreamer. +
+It was discovered that GStreamer Base Plugins did not correctly handle + certain malformed RTSP streams. +
+A remote attacker could entice a user to open a specially crafted RTSP + stream with a GStreamer application, possibly resulting in the execution + of arbitrary code or a Denial of Service condition. +
+There is no known workaround at this time.
+All GStreamer Base Plugins users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=media-libs/gst-plugins-base-1.14.5-r1"
+
+
+