Quick Primer on using Gentoo’s glsa-check tool.

 glsa-check --help
usage: glsa-check <option> [glsa-id | all | new | affected]

options:
  -h, --help        show this help message and exit
  -V, --version     Show information about glsa-check
  -q, --quiet       Be less verbose and do not send empty mail
  -v, --verbose     Print more messages
  -n, --nocolor     Removes color from output
  -e, --emergelike  Upgrade to latest version (not least-change)
  -c, --cve         Show CVE IDs in listing mode
  -r, --reverse     List GLSAs in reverse order

Modes:
  -l, --list        List a summary for the given GLSA(s) or set and whether they affect the system
  -d, --dump        Show all information about the GLSA(s) or set
  --print           Alias for --dump
  -t, --test        Test if this system is affected by the GLSA(s) or set and output the GLSA ID(s)
  -p, --pretend     Show the necessary steps to remediate the system
  -f, --fix         (experimental) Attempt to remediate the system based on the instructions given in the GLSA(s) or
                    set. This will only upgrade (when an upgrade path exists) or remove packages
  -i, --inject      Inject the given GLSA(s) into the glsa_injected file
  -m, --mail        Send a mail with the given GLSAs to the administrator

glsa-list can contain an arbitrary number of GLSA ids, filenames containing GLSAs or the special identifiers 'all'
and 'affected'

Check for vulnerable packages with ‘-p’ (pretend) flag:

 glsa-check -p all
Checking GLSA 200409-10
>>> no vulnerable packages installed


Checking GLSA 200411-08
>>> no vulnerable packages installed
...

Check AND fix vulnerable packages with ‘-f’ (fix) flag:

glsa-check -f all
Fixing GLSA 200409-10
>>> no vulnerable packages installed

Fixing GLSA 200411-08
>>> no vulnerable packages installed
...

And that’s a wrap!