libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.
+It was discovered that libjpeg-turbo incorrectly handled certain PPM + files. +
+A remote attacker could entice a user to open a specially crafted PPM + file using an application linked against libjpeg-turbo, possibly allowing + attacker to obtain sensitive information. +
+There is no known workaround at this time.
+All libjpeg-turbo 1.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=media-libs/libjpeg-turbo-1.5.3-r3:0/0.1"
+
+
+ All libjpeg-turbo 2.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=media-libs/libjpeg-turbo-2.0.4-r1:0/0.2"
+
+
+ libxml2 is the XML (eXtended Markup Language) C parser and toolkit + initially developed for the Gnome project. +
+Multiple vulnerabilities have been discovered in libxml2. Please review + the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libxml2 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.10"
+
+
+ LibRaw is a library for reading RAW files obtained from digital photo + cameras. +
+Multiple vulnerabilities have been discovered in LibRaw. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted image + file using an application linked against LibRaw, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All LibRaw users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.20.0"
+
+
+ Ark is a graphical file compression/decompression utility with support + for multiple formats. +
+It was discovered that Ark incorrectly handled symbolic links in tar + archive files. +
+A remote attacker could entice a user to open a specially crafted + archive using Ark, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All KDE Ark users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-apps/ark-20.04.3-r2"
+
+
+