GnuTLS is an Open Source implementation of the TLS and SSL protocols.
+Multiple heap and stack overflows and double free vulnerabilities have + been discovered in GnuTLS by the OSS-Fuzz project. Please review the CVE + identifiers referenced below for details. +
+A remote attacker could entice a user or automated system to process a + specially crafted certificate using an application linked against GnuTLS. + This could possibly result in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All GnuTLS users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.3.26"
+
+ A daemon to synchronize local directories using rsync.
+default-rsyncssh.lua in Lsyncd performed insufficient sanitising of + filenames. +
+An attacker, able to control files processed by Lsyncd, could possibly + execute arbitrary code with the privileges of the process or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All Lsyncd users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/lsyncd-2.1.6"
+
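Review bot: The Lsyncd description pins the flaw to default-rsyncssh.lua, but the workaround line says only "There is no known workaround at this time." and never says whether setups that do not use that file are affected. Suggest stating this explicitly in the description or the workaround text so readers can judge their exposure before upgrading. The impact sentence also goes from "insufficient sanitising of filenames" straight to arbitrary code execution without saying how a filename reaches an execution context; one clause explaining that link would make the advisory self-contained.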
+ Graphviz is an open source graph visualization software.
+Multiple vulnerabilities in Graphviz were discovered. Please review the + CVE identifiers referenced below for details. +
+A remote attacker, able to control input matched against a regular + expression or by enticing a user to process a specially crafted file, + could cause unspecified impacts. +
+There is no known workaround at this time.
+All Graphviz users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/graphviz-2.36.0"
+
+
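Review bot: The Graphviz impact sentence mixes two constructions ("able to control input matched against a regular expression or by enticing a user to process a specially crafted file") and ends in "could cause unspecified impacts", which gives readers nothing to triage on. Suggest parallel wording, for example "A remote attacker could control input matched against a regular expression, or entice a user to process a specially crafted file", and name the impact class if the referenced CVEs state one. In the background line, "an open source graph visualization software" should drop "an", and "open source" is capitalised differently from the GnuTLS background ("Open Source"); pick one form across the three advisories.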