Merge pull request #3522 from flatcar/buildbot/monthly-glsa-metadata-updates-2025-12-01

Monthly GLSA metadata 2025-12-01

Author: dongsupark

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 604600 BLAKE2B 67fa11a1e6485039ed07ecb341dd3eed3351c2e805dffb942c7b1d5a67de5ce334f9c7e8c5cb91c69c6b47f09ddfab8f9675421c6bbcbc7edbff873eafe92a4e SHA512 ca8da2d1e3d921194da4de308aa6824a3315fadb8fa8032bf4faea9a454874b09a269bfba3178304da1473e32d3744bc06c1991003b11e8e16b1624b75ee3551
-TIMESTAMP 2025-11-01T06:40:07Z
+MANIFEST Manifest.files.gz 605865 BLAKE2B bcadc158253762e9f24c9e6b055b713a9641d9bfc450941217534a559d82b06bbcb49cffa8d81ca2f49f67ef4ee9530b6f3fe207bd5cb748ba4d010bf5f05a43 SHA512 0a179d9b6436cf36bf8fe75f2d424c5e5a2787d4f2be30bec99d500009833c9172e6703303a8e695c1b53afa286a8aeaa479d0807e86f5b0a383be84bc9c6bbe
+TIMESTAMP 2025-12-01T06:40:11Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmkFq0dfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmktOEtfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAlqw//Rh+QFG/HU8p/afZwOkCuKiH3EYyTI6xrchUx//UMbrQlEawqkxbcF9S+
-q8cx1x2S0FsrDI7nT0qh7yndM+rBNl0zRuRMzczq8gQo7rCGdePJkklevXUD5B6/
-RmRE0ojr+TZSfNsFtGGAs1Smh7QjViKB7L4OV+lGo+i7q+yFPK5yd2gUFvvDJuYz
-Orji4sAhdH8n4eDJ63DgJXn0oqLiDAHN55MizeQ1JmvAnuW6KCcflyzJ8wW4b3bB
-3tmpUDq0LcNQ5unffo6YhUhIYaALUivdp0sPLbQ3Z3MYWWoIhL6M9E/RyNU6e1Rw
-mX/VwyqNJGv+lTDYIEio4GFh0CiD0xyfW2EDD89ONqym3WwTNFWT0Y891FlaZm9q
-czYbX0nN8z91rLOj7olRRjbt9Jh8m4ixb8s/F1afK+eDNMvevNQJcY6+rOInDuog
-eCOo6hgBhAdKrBePXpnADD2PUG7HXrjijWZAzoOfThs3IvRfSmRhtd9wAU5a+W4U
-YpY8ogO9mwP5HQwCs6hARnZB8cIJJZXBgXC1AK139O88KaRlhLT4dTo9DI5as2Lk
-2VEUNAGMAoGRuQIHUvLJ83AtV0A1w/wt8O54lcusXxvcYCaxiLRQ5Lb46IrcmEmD
-zihw7ItaE4/sYgbqEgpw5W29XDAFrzKv/Cy4wT9HUznGFu0813A=
-=hxuR
+klDI2A//f1DEIxwY5RAteoK8kAD1VUen5rTkm8/Ed7BQleONRh4qnYK6ic9G05Ei
+nleWa6HgOpMPUPv4AR+xx6vxwBH06sKb2Nwc+dLX0KgMolBryTLz50N1ZDJ6FvLf
+CagByOIXykQt0q6ktR3Px+F6nHupywQxquJnMAUMH8sf1UPD2qAMG6peBXc0BIeJ
+sJ9+lm8ZCU0SAS1jQeLdwoLTfqlOuIMHjdtRYNbqqXc/KVebVl+rzDWadOUCD938
+P2idhdguAtBYc2KtV+XHKdQfSPsujLoWRsS3/nxBj7qAwIobT8o48hDOdQ8vlldE
+ktXxWIdtT2IZL0RbHfwNa9oh7etO/63nGWfZ9/WVoXj5m2MnqM4ZqNINfCpyk4R8
+jtfnQ8YEPk06yfwn/gk4iTgsjU8BTKtQJ8HvIwxQqbCQUXBxeebAPY6wEcO3sN9L
+j4dxu1d9gRBtOdzIngnqhLDVc12gDQQYZsmI0WcF8gYRLD3INyyzUBkOQHYCP39q
+kGy3x7er7vEPbHWgvmY5FI6twYyGBJRC01Bl7023JAk3s+AKKShiUi1nFyLb26ix
+Gwh/vijlztJ5eoqz+MvBosojhKJLaQ5XRMha8z3Hnm26o0dA2h/gW3RDMdzwFFRj
+I3YXZvYvS8Fr/vzzlrdQ3mf2nhjS0j8y2kf/qeG3H3eFpW3zWvo=
+=4q7u
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202509-01">
+    <title>Poppler: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Poppler, the worst of which could lead to execution of arbitrary code.</synopsis>
+    <product type="ebuild">poppler</product>
+    <announced>2025-09-17</announced>
+    <revised count="1">2025-09-17</revised>
+    <bug>843149</bug>
+    <bug>959944</bug>
+    <access>local</access>
+    <affected>
+        <package name="app-text/poppler" auto="yes" arch="*">
+            <unaffected range="ge">25.06.0</unaffected>
+            <vulnerable range="lt">25.06.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Poppler users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/poppler-25.06.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27337">CVE-2022-27337</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-52886">CVE-2025-52886</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-09-17T21:40:01.591882Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-09-17T21:40:01.594167Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202509-01.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202511-01">
+    <title>UDisks: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in UDisks, the worst of which can lead to execution of arbitrary code.</synopsis>
+    <product type="ebuild">udisks</product>
+    <announced>2025-11-24</announced>
+    <revised count="1">2025-11-24</revised>
+    <bug>827863</bug>
+    <bug>962126</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-fs/udisks" auto="yes" arch="*">
+            <unaffected range="ge">2.10.2</unaffected>
+            <vulnerable range="lt">2.10.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in UDisks. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All UDisks users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.10.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3802">CVE-2021-3802</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8067">CVE-2025-8067</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-11-24T23:57:06.298179Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-11-24T23:57:06.301913Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202511-01.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202511-02">
+    <title>WebKitGTK+: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which can lead to execution of arbitary code.</synopsis>
+    <product type="ebuild">webkit-gtk</product>
+    <announced>2025-11-24</announced>
+    <revised count="1">2025-11-24</revised>
+    <bug>938026</bug>
+    <bug>941276</bug>
+    <bug>951739</bug>
+    <bug>961021</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+            <unaffected range="ge" slot="4.1">2.48.5</unaffected>
+            <unaffected range="ge" slot="6">2.48.5</unaffected>
+            <vulnerable range="lt" slot="4.1">2.48.5</vulnerable>
+            <vulnerable range="lt" slot="6">2.48.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.48.5:4.1" ">=net-libs/webkit-gtk-2.48.5:6"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-40857">CVE-2024-40857</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-40866">CVE-2024-40866</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44185">CVE-2024-44185</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44187">CVE-2024-44187</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44192">CVE-2024-44192</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44244">CVE-2024-44244</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44296">CVE-2024-44296</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-54467">CVE-2024-54467</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-54551">CVE-2024-54551</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24201">CVE-2025-24201</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24208">CVE-2025-24208</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24209">CVE-2025-24209</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24213">CVE-2025-24213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24216">CVE-2025-24216</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24264">CVE-2025-24264</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-30427">CVE-2025-30427</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-31273">CVE-2025-31273</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-31278">CVE-2025-31278</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43211">CVE-2025-43211</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43212">CVE-2025-43212</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43216">CVE-2025-43216</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43227">CVE-2025-43227</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43228">CVE-2025-43228</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43240">CVE-2025-43240</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43265">CVE-2025-43265</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2025-0002.html">WSA-2025-0002</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2025-0003.html">WSA-2025-0003</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-11-24T23:57:31.542544Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-11-24T23:57:31.545141Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202511-02.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202511-03">
+    <title>qtsvg: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code.</synopsis>
+    <product type="ebuild">qtsvg</product>
+    <announced>2025-11-24</announced>
+    <revised count="1">2025-11-24</revised>
+    <bug>915998</bug>
+    <bug>963710</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="dev-qt/qtsvg" auto="yes" arch="*">
+            <unaffected range="ge">6.9.3:6</unaffected>
+            <vulnerable range="lt">6.9.3:6</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>qtsvg is a SVG rendering library for the Qt framework.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All qtsvg users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-6.9.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45872">CVE-2023-45872</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10728">CVE-2025-10728</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10729">CVE-2025-10729</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-11-24T23:58:02.219156Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-11-24T23:58:02.221875Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202511-03.xml

@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202511-04">
+    <title>Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
+    <product type="ebuild">chromium,google-chrome,microsoft-edge,opera</product>
+    <announced>2025-11-24</announced>
+    <revised count="1">2025-11-24</revised>
+    <bug>961477</bug>
+    <bug>961834</bug>
+    <bug>962051</bug>
+    <bug>963024</bug>
+    <bug>963638</bug>
+    <bug>963959</bug>
+    <bug>964335</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="www-client/chromium" auto="yes" arch="*">
+            <unaffected range="ge">141.0.7390.107</unaffected>
+            <vulnerable range="lt">141.0.7390.107</vulnerable>
+        </package>
+        <package name="www-client/google-chrome" auto="yes" arch="*">
+            <unaffected range="ge">141.0.7390.107</unaffected>
+            <vulnerable range="lt">141.0.7390.107</vulnerable>
+        </package>
+        <package name="www-client/microsoft-edge" auto="yes" arch="*">
+            <unaffected range="ge">141.0.3537.71</unaffected>
+            <vulnerable range="lt">141.0.3537.71</vulnerable>
+        </package>
+        <package name="www-client/opera" auto="yes" arch="*">
+            <unaffected range="ge">122.0.5643.142</unaffected>
+            <vulnerable range="lt">122.0.5643.142</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>ll Google Chrome users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/google-chrome-141.0.7390.107"
+        </code>
+        
+        <p>All Chromium users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/chromium-141.0.7390.107"
+        </code>
+        
+        <p>All Microsoft Edge users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-141.0.3537.71 "
+        </code>
+        
+        <p>All Oprea users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/opera-122.0.5643.142"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8879">CVE-2025-8879</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8880">CVE-2025-8880</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8881">CVE-2025-8881</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8882">CVE-2025-8882</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8901">CVE-2025-8901</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-9132">CVE-2025-9132</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-9478">CVE-2025-9478</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10500">CVE-2025-10500</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10501">CVE-2025-10501</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10502">CVE-2025-10502</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10585">CVE-2025-10585</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11205">CVE-2025-11205</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11206">CVE-2025-11206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11207">CVE-2025-11207</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11208">CVE-2025-11208</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11209">CVE-2025-11209</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11210">CVE-2025-11210</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11211">CVE-2025-11211</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11212">CVE-2025-11212</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11213">CVE-2025-11213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11215">CVE-2025-11215</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11216">CVE-2025-11216</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11219">CVE-2025-11219</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11458">CVE-2025-11458</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11460">CVE-2025-11460</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11756">CVE-2025-11756</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-11-24T23:59:25.704414Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-11-24T23:59:25.706551Z">sam</metadata>
+</glsa>