bump(metadata/glsa): sync with upstream

2025-08-17 18:06:59 +02:00 · 2018-06-02 02:10:27 +00:00 · 2018-06-02 02:10:27 +00:00 · 1a84ac4c93
commit 1a84ac4c93
parent c0c560b10a
14 changed files with 577 additions and 17 deletions
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

-MANIFEST Manifest.files.gz 423767 BLAKE2B b4b02eedb610a1c6d9e2d0e9f57f61c0c0ddafb48679b275cd19d127faac6f1d44d72cf4d204e2e99bbdadfb9d1e296ea33c63e12cff5af0207e2e6247914ff9 SHA512 ba2fcf04666f32bf8235a27f099dd883ab13109b872e9d00eac03e3e02b976470b0d5a6f1b3ce76acd9005d909e8b6e04ffdfefb9cce629ec213bbe88eb4d8b4
-TIMESTAMP 2018-05-16T20:08:33Z
+MANIFEST Manifest.files.gz 425353 BLAKE2B ec410f73e8160a04f1e8d9ba24f8a9a7403de8d80de422b45237ee3d29412684c7b01eb6c65076d2a0e39e2a5a031fa3a30e25eaf8291e44c92b9e9e62cb3412 SHA512 f41e2315afb547d2663e7d73d1c71ddccb41cbcb981f32843e47a742285e23731f0c982f66fc7df7697259b315666ee38e690923c6014e4574c7d7496b96947a
+TIMESTAMP 2018-06-02T01:38:31Z
 -----BEGIN PGP SIGNATURE-----

-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr8j8JfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlsR9RdfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBLhA//RVNgrZDx/5ZGvC+E2NFZhybIh6MHFsCzYZjlm4GH1owjNTBz9Pb4qBmx
-I+Nmb9OW6GV+ZBIHG3xaVFeswQD+q4rFObbyF1Yxw/pDaAi3Bmlm6B4vMENcXYTK
-9d1QtaE5ronANqnq1tcA/+cHxJSTTqNoTzWPiyfv/mtajuhdI0z+7zTin8+CEELH
-SRXJDXjpStwVZbKNP6OrNk7zluuerY86mgAqVMrV2ZIQ0FnEYC3M69Y7U5lccFrc
-KxLpqZWNLhBYzrvP+aNdfpPSVrMJhPBnPOYvOm3Q+kP4iiwMuYKWEfgjn0GfepMi
-nHY5HUCZAxyB+kl5oHLAe8QL1yU8YfBjcfC9j3ZL25+M2/+WoZwaUNyOpwa5xx0t
-8grQY7Sz3/pHE5XIttn7yvRUt2R2kMIukkhY99GNEI0TzDVjZfIoxR9vquV6i7vM
-XGL9pGAEW91FSG9ZOeZ8Kb56DePEj7GY/d7lHPnAa10KBWN8YH4j0L+aBCbNiBLM
-ugnK9r0C4X5n0/kbPY+5OLP5bdP3RWxjl5aO0BHpx1jFAd0LJgyyAPYMlBC21cva
-3eaQjvLmdYab6zpIjJ3eg4Iwk96rgCddwRwWio5nZn50kKF2dnavndMzQIzNp+un
-iK7AonyV5Z+E8dgVF1dZd/QX6WecMObMZ50fAa/3zXDuYK+Ce54=
-=rOnb
+klDiVQ/9Hynr5LjtFvhMkIAi1jYrkkehZsySmuf6AHTf9nzsQAzijTJMzYMpS+Mi
+Cd7Vl91YaL6+pd42/X7G+0QPoJpWsNlo+uzRnbfBHpGURF4BIVQq3v6fDV6tm3ue
+osQh9goeu40hQUj0XT3YI4filYi1WCm0jrUFcXl+Y2Pk97v6/qo4jtS/jzu+au9m
+QKAWpIU43CUYEoiYb4Ll31UN2qwrCmSGGM66iHXenVr6u8uf4Ztco3kO/7iUTJT6
+waB+dJQc4tqgDLPpW/GUgrPyArxTXk7jv4ecMhbARByDc/mHwjq8VaGdsWns4fRt
+42w8DzGjoKxUO2dFKH7s0VVfI4FGSKF9g6hEDjpbmiYA1kD0zKz0sTmsikl20UuT
+DAalneB6x5c+mH/LEfTw8gM1XfEjj1LbKzMVK9OJuyf1Tv0ONmSbhhHPiLvBJ1oa
+qpGgPQ7wC6zX4A939k/mCOFmbJiuQAMMduHNOwDBh9KKfPTE+3myhlRRVTpCrKMh
+Ipq+FH7TB9RnQv+xS8d/fP8LBU7wiPfpZWbvP/31HZa+nKBesqWo0wEXcQmctF9B
+CsJTVCgyNN8prp5B2u7kix7/hOM/ToCSsaXYakEoMGeXFrJhtGE6mz0CE6m66xgq
+v5LGX3XyY7vZhto6aKzbnzPrlswgDViv+5cH+7n341f62FKe8mw=
+=lhbu
 -----END PGP SIGNATURE-----
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-06.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-06.xml
@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-06">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">chromium, chrome</product>
+  <announced>2018-05-20</announced>
+  <revised count="1">2018-05-20</revised>
+  <bug>655720</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.170</unaffected>
+      <vulnerable range="lt">66.0.3359.170</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">66.0.3359.170</unaffected>
+      <vulnerable range="lt">66.0.3359.170</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to install malicious extensions,
+      could possibly escalate privileges, cause a Denial of Service condition,
+      or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-66.0.3359.170"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-66.0.3359.170"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6120">CVE-2018-6120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6121">CVE-2018-6121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6122">CVE-2018-6122</uri>
+    <uri link="https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html">
+      Google Chrome Release 20180510
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-17T12:07:01Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-05-20T14:40:13Z">chrisadr</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-07.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-07.xml
@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-07">
+  <title>Samba: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+    which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">samba</product>
+  <announced>2018-05-22</announced>
+  <revised count="1">2018-05-22</revised>
+  <bug>588262</bug>
+  <bug>619516</bug>
+  <bug>639024</bug>
+  <bug>650382</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-fs/samba" auto="yes" arch="*">
+      <unaffected range="ge">4.5.16</unaffected>
+      <vulnerable range="lt">4.5.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Samba. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code, cause a Denial
+      of Service condition, conduct a man-in-the-middle attack, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Samba users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.5.16"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2119">CVE-2016-2119</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14746">CVE-2017-14746</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15275">CVE-2017-15275</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7494">CVE-2017-7494</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1050">CVE-2018-1050</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1057">CVE-2018-1057</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-15T00:36:47Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-22T22:29:53Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-08.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-08.xml
@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-08">
+  <title>VirtualBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
+    of which could allow an attacker to take control of VirtualBox.
+  </synopsis>
+  <product type="ebuild">virtualbox</product>
+  <announced>2018-05-22</announced>
+  <revised count="1">2018-05-22</revised>
+  <bug>655186</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/virtualbox" auto="yes" arch="*">
+      <unaffected range="ge">5.1.36</unaffected>
+      <vulnerable range="lt">5.1.36</vulnerable>
+    </package>
+    <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
+      <unaffected range="ge">5.1.36.122089</unaffected>
+      <vulnerable range="lt">5.1.36.122089</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VirtualBox is a powerful virtualization product from Oracle.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VirtualBox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could take control of VirtualBox resulting in the execution
+      of arbitrary code with the privileges of the process, a Denial of Service
+      condition, or other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VirtualBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-5.1.36"
+    </code>
+    
+    <p>All VirtualBox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/virtualbox-bin-5.1.36.122089"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2830">CVE-2018-2830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2831">CVE-2018-2831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2835">CVE-2018-2835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2836">CVE-2018-2836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2837">CVE-2018-2837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2842">CVE-2018-2842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2843">CVE-2018-2843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2844">CVE-2018-2844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2845">CVE-2018-2845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2860">CVE-2018-2860</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-14T23:15:39Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-22T22:32:13Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-09.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-09.xml
@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-09">
+  <title>Shadow: security bypass</title>
+  <synopsis>A vulnerability found in Shadow may allow local attackers to bypass
+    security restrictions.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2018-05-22</announced>
+  <revised count="1">2018-05-22</revised>
+  <bug>647790</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.6</unaffected>
+      <vulnerable range="lt">4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Shadow is a set of tools to deal with user accounts.</p>
+  </background>
+  <description>
+    <p>A local attacker could possibly bypass security restrictions if an
+      administrator used “group blacklisting” to restrict access to file
+      system paths.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly bypass security restrictions.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All shadow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7169">CVE-2018-7169</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-22T22:21:35Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-05-22T22:36:37Z">Zlogene</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-10.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-10.xml
@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-10">
+  <title>Zsh: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Zsh, the worst of which
+    could allow local attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">zsh</product>
+  <announced>2018-05-26</announced>
+  <revised count="1">2018-05-26</revised>
+  <bug>649614</bug>
+  <bug>651860</bug>
+  <bug>655708</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-shells/zsh" auto="yes" arch="*">
+      <unaffected range="ge">5.5</unaffected>
+      <vulnerable range="lt">5.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A shell designed for interactive use, although it is also a powerful
+      scripting language.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Zsh. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary code, escalate privileges, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Zsh users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-shells/zsh-5.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18205">CVE-2017-18205</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18206">CVE-2017-18206</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1071">CVE-2018-1071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1083">CVE-2018-1083</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1100">CVE-2018-1100</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7548">CVE-2018-7548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7549">CVE-2018-7549</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-26T14:04:43Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-26T15:33:08Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-11.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-11.xml
@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-11">
+  <title>Rootkit Hunter: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability has been found in Rootkit Hunter that allows a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rkhunter</product>
+  <announced>2018-05-26</announced>
+  <revised count="1">2018-05-26</revised>
+  <bug>623150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-forensics/rkhunter" auto="yes" arch="*">
+      <unaffected range="ge">1.4.6</unaffected>
+      <vulnerable range="lt">1.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Scans for known and unknown rootkits, backdoors, and sniffers.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Rootkit Hunter that allows the
+      downloading of mirror updates over insecure channels (HTTP). 
+      Furthermore, the mirror update is then executed in Bash.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by performing a man-in-the-middle attack, could
+      execute arbitrary code, conduct a Denial of Service, or have other
+      unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>Users are advised to not trust insecure protocols such as HTTP and to
+      turn off any mirror updates utilizing such channels.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Rootkit Hunter users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-forensics/rkhunter-1.4.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7480">CVE-2017-7480</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-26T14:19:37Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-26T15:45:59Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-12.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-12.xml
@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-12">
+  <title>NTP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
+    could lead to remote code execution.
+  </synopsis>
+  <product type="ebuild">ntp</product>
+  <announced>2018-05-26</announced>
+  <revised count="1">2018-05-26</revised>
+  <bug>649612</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/ntp" auto="yes" arch="*">
+      <unaffected range="ge">4.2.8_p11</unaffected>
+      <vulnerable range="lt">4.2.8_p11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NTP contains software for the Network Time Protocol.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NTP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NTP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7170">CVE-2018-7170</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7182">CVE-2018-7182</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7183">CVE-2018-7183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7184">CVE-2018-7184</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7185">CVE-2018-7185</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-26T14:29:05Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-26T15:54:33Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-13.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-13.xml
@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-13">
+  <title>Git: Multiple vulnerabilities</title>
+  <synopsis>Git contains multiple vulnerabilities that allow for the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">git</product>
+  <announced>2018-05-30</announced>
+  <revised count="1">2018-05-30</revised>
+  <bug>656868</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/git" auto="yes" arch="*">
+      <unaffected range="ge">2.16.4</unaffected>
+      <vulnerable range="lt">2.16.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Git is a free and open source distributed version control system
+      designed to handle everything from small to very large projects with
+      speed and efficiency.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Git. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Remote attackers could execute arbitrary code on both client and server.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Git users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.16.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11233">CVE-2018-11233</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11235">CVE-2018-11235</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-30T00:57:53Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-05-30T01:20:47Z">whissi</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml
@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-14">
+  <title>procps: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in procps, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">procps</product>
+  <announced>2018-05-30</announced>
+  <revised count="1">2018-05-30</revised>
+  <bug>656022</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-process/procps" auto="yes" arch="*">
+      <unaffected range="ge">3.3.15-r1</unaffected>
+      <vulnerable range="lt">3.3.15-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A bunch of small useful utilities that give information about processes
+      using the /proc filesystem.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in procps. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary code, escalate privileges, or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All procps users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-process/procps-3.3.15-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1120">CVE-2018-1120</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1121">CVE-2018-1121</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1122">CVE-2018-1122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1123">CVE-2018-1123</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1124">CVE-2018-1124</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-29T13:26:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-30T14:04:23Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-15.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-15.xml
@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-15">
+  <title>beep: Local privilege escalation </title>
+  <synopsis>A vulnerability in beep could allow local attackers to escalate
+    privileges.
+  </synopsis>
+  <product type="ebuild">beep</product>
+  <announced>2018-05-30</announced>
+  <revised count="1">2018-05-30</revised>
+  <bug>652330</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-misc/beep" auto="yes" arch="*">
+      <unaffected range="ge">1.3-r3</unaffected>
+      <vulnerable range="lt">1.3-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The advanced PC speaker beeper.</p>
+  </background>
+  <description>
+    <p>A race condition, if setuid, was discovered in beep.</p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All beep users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-misc/beep-1.3-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0492">CVE-2018-0492</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-28T02:25:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-05-30T14:05:31Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@ -1 +1 @@
-Wed, 16 May 2018 20:08:29 +0000
+Sat, 02 Jun 2018 01:38:28 +0000
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@ -1 +1 @@
-40f254b177f3628d865f1e77c8fd7c94584de14e 1526340152 2018-05-14T23:22:32+00:00
+e1eed7ae3b27f8139b508d9d14861c4437216138 1527689205 2018-05-30T14:06:45+00:00