bump(metadata/glsa): sync with upstream

2025-12-07 18:31:54 +01:00 · 2019-04-02 15:20:48 +00:00 · 2019-04-02 15:20:48 +00:00 · 1a92e6aafd
commit 1a92e6aafd
parent 32c126e530
12 changed files with 490 additions and 17 deletions
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

-MANIFEST Manifest.files.gz 438854 BLAKE2B ca65213463786d39d41485af7ea84eff3024cf674a90349e25e12c216efcd63b50848be0dd7fb7c54db79b6279385d7b09488386ffd96909db99671090ea4f08 SHA512 6572d8ad2e9aad4fbe11ff52d8aa91113cb87e207974cdb6aa98101ae4a50b77b173f68eba733267e1a109e70f86139ed901b5a4ee05472f22a8d3024aa9acb5
-TIMESTAMP 2019-03-28T13:38:46Z
+MANIFEST Manifest.files.gz 440123 BLAKE2B 47652947d6c26c7bbac6a5c0bd24fb3c439032faa43da521eacb80cffe306ba49152b4848845d3bd677e90481d8a7f19855a790d203085d2cb6d866eca1771b5 SHA512 51daf36dd12ed79db6c4817f04ce4f65259ca3bdd0a5bba3ce51df64b42b9630e4a8a51c1c35db67c1d1be1b6a33e8ba1a2a4597de4a7ffe2b7186f3fd88503a
+TIMESTAMP 2019-04-02T14:38:49Z
 -----BEGIN PGP SIGNATURE-----

-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyczmZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyjc/lfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDYWhAAo1sblmnGYIlx9TtDfDwZAhcScB0WxacZHB1VfQlHTv99u5+rtGZHRbrS
-OgsjKvrvHGyAdL11mOncCxusWKLMICEbukgv9bAwPDSe4ZJssgCA6dWBlKqs08rD
-9T+xcGop/7L9hOOOjRCkjp5oiT11XT1QO3CmxCAudvBGWL3warElsl0NqXlR3pQU
-2wFHj1VjlN5TZ3aAKx327N+TO4PzV7OI4IXz1F1I40H3o7df4k1QA01QMKwqngov
-fcVUpuCaS6j+szZg/34On/eGqL6P3Zlgi2nA1Bj/L39DoCRzzdsWo50qhD8ckApa
-VLVqL7mur7j8h0Q4cStu/7F0H66cEpqEvRfiEv6eMEQ2QWPoGWTI3lo+Rmoz3QC/
-fIrCsAWMxWIZCNbtSdDLKklhPFsDcTFyBpUF1ZBS0oFWkQioK8BWvs0A5w/sLVL1
-sat5Apk1ygCTeeeX8KBQizu3I6uKco17SqihcAwRHooCJuNPAPRxM9lbpWiQ+PPE
-C+w0MSbDD77Vq89+BKo8eA/LGvaIn4pfV+39ijhhsEIWmv/RjXMr9noKkID8wTAK
-Dfe2HY9P/o6zhziXpiskTN8hk5ootmODbC3jAPOAfLqQeDIHyTXN+bYKpVtZCFh7
-lWdqHx9+3V3xlcBrW8MDxMq0Gpghcc0eCLPx3kSHYzgoXvi3ZPg=
-=0j+W
+klCw7g/9HNNxIMGlCPXL3nWsUvd5f2mbf97RrRtVB8c45y2+92Him54LDRe7Q85d
+yWQiYAxjwHyjkAMRAC5iaR6bF9+IG79Su+ncR+AzRNPJu++Y9AHGiMXynqQis5uy
+b6FJuiOhc+VsfMIyNvJZT44NVF9dIKnGtL/SpPIbHDzrvqP9qsDtzpNfHTa5IsNC
+7Br8ho0ReC8cM9kEATsqg7kCkLx5WokuIlYwsuoQA6xEnkHTcDMZxpNZazgskhlk
+SLhr8XpOoau/SvJQz7Xcx4KN1DGg9tEN0CSJ0olpHbsclo/ej3tZMXNtiLnXJf6y
+Hti7G3pGDl0xylA8agE0QzDhB++G32DRpZwk7TB2JYBeElPsM7mzAN0L/DI+KYKi
+Nz35MYvNjZbchs84VZGaWM+3UoebdX1ZQcVhIsK6HTQ77AVuOs4B9zJtOiCGeh8j
+iyNFD9CVooFfg3IzwRz7DHzu/n/mWbpNKPOTT00j/jMEgew5Kq9TsKXZNB3lqFYe
+mdSiL6s3eZI24RwZgDXwvUeqOkzb4r/GptdGnpXDwNaPASV8YhpRqtX+L08LJW4Q
+AfVvtxELrzXqqvoH/cr8soDDGHLaq8I4ZaDli4/Xqfr4ikHdgHHFkrn5SZhLMham
+vrwFYgk5tiGDJ6JBdgL9TPbGgQrL69Iyw2AYwM4ThhcZiwD1nZE=
+=ydvg
 -----END PGP SIGNATURE-----
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-01.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-01.xml
@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-01">
+  <title>Cairo: Denial of Service</title>
+  <synopsis>Multiple vulnerabilities were found in Cairo, the worst of which
+    could cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">cairo</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>596756</bug>
+  <bug>625636</bug>
+  <bug>672908</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/cairo" auto="yes" arch="*">
+      <unaffected range="ge">1.16.0-r3</unaffected>
+      <vulnerable range="lt">1.16.0-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cairo is a 2D vector graphics library with cross-device output support.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cairo. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cairo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/cairo-1.16.0-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-9082">CVE-2016-9082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9814">CVE-2017-9814</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T00:20:40Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:14:37Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-02.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-02.xml
@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-02">
+  <title>Libical: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Libical, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libical</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>587572</bug>
+  <bug>587574</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libical" auto="yes" arch="*">
+      <unaffected range="ge">3.0.0</unaffected>
+      <vulnerable range="lt">3.0.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>An Open Source implementation of the iCalendar protocols and protocol
+      data units.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Libical. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Libical users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libical-3.0.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5823">CVE-2016-5823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5824">CVE-2016-5824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-29T18:17:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:17:39Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-03.xml
@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-03">
+  <title>Unbound: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Unbound, the worst of
+    which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">unbound</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>641042</bug>
+  <bug>677054</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/unbound" auto="yes" arch="*">
+      <unaffected range="ge">1.8.3</unaffected>
+      <vulnerable range="lt">1.8.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Unbound is a validating, recursive, and caching DNS resolver.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Unbound. Please review
+      the referenced bugs for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced bugs for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Unbound users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/unbound-1.8.3"
+    </code>
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T00:48:50Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:20:03Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-04.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-04.xml
@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-04">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which could allow a Denial of Service.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>659828</bug>
+  <bug>670880</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.70.0</unaffected>
+      <vulnerable range="lt">0.70.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.70.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19149">CVE-2018-19149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T05:17:10Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:21:51Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-05.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-05.xml
@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-05">
+  <title>BURP: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Gentoo's ebuild for BURP which
+    could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">burp</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>641842</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-backup/burp" auto="yes" arch="*">
+      <unaffected range="ge">2.1.32-r1</unaffected>
+      <vulnerable range="lt">2.1.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A network backup and restore program.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s BURP ebuild does not properly set
+      permissions or place the pid file in a safe directory. Additionally, the
+      first set of patches did not completely address this.  As such, a
+      revision has been made available that addresses all concerns of the
+      initial report.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All BURP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-backup/burp-2.1.32-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18285">CVE-2017-18285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T01:35:48Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:23:38Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-06.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-06.xml
@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-06">
+  <title>GlusterFS: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GlusterFS, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">glusterfs</product>
+  <announced>2019-04-02</announced>
+  <revised count="2">2019-04-02</revised>
+  <bug>653070</bug>
+  <bug>658606</bug>
+  <bug>664336</bug>
+  <bug>670088</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-cluster/glusterfs" auto="yes" arch="*">
+      <unaffected range="ge">4.1.8</unaffected>
+      <vulnerable range="lt">4.1.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A free and open source software scalable network filesystem.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GlusterFS. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GlusterFS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/glusterfs-4.1.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10841">CVE-2018-10841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1088">CVE-2018-1088</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10904">CVE-2018-10904</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10907">CVE-2018-10907</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10911">CVE-2018-10911</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10913">CVE-2018-10913</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10914">CVE-2018-10914</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10923">CVE-2018-10923</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10924">CVE-2018-10924</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10926">CVE-2018-10926</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10927">CVE-2018-10927</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10928">CVE-2018-10928</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10929">CVE-2018-10929</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10930">CVE-2018-10930</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14651">CVE-2018-14651</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14652">CVE-2018-14652</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14653">CVE-2018-14653</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14654">CVE-2018-14654</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14659">CVE-2018-14659</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14660">CVE-2018-14660</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14661">CVE-2018-14661</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T12:37:38Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:26:59Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-07.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-07.xml
@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-07">
+  <title>Mozilla Thunderbird and Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird and
+    Firefox, the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird,firefox,mozilla</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>676954</bug>
+  <bug>678072</bug>
+  <bug>681834</bug>
+  <bug>681836</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.6.1</unaffected>
+      <vulnerable range="lt">60.6.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+      Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird and
+      Firefox. Please review the referenced Mozilla Foundation Security
+      Advisories and CVE identifiers below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced Mozilla Foundation Security Advisories and
+      CVE identifiers below for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-60.6.1"
+    </code>
+    
+    <p>All Thunderbird bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-60.6.1"
+    </code>
+    
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.6.1"
+    </code>
+    
+    <p>All Firefox bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.6.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5824">CVE-2016-5824</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18335">CVE-2018-18335</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18356">CVE-2018-18356</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18500">CVE-2018-18500</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18501">CVE-2018-18501</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18505">CVE-2018-18505</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18506">CVE-2018-18506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18509">CVE-2018-18509</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18512">CVE-2018-18512</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18513">CVE-2018-18513</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5785">CVE-2019-5785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9788">CVE-2019-9788</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9790">CVE-2019-9790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9791">CVE-2019-9791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9792">CVE-2019-9792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9793">CVE-2019-9793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9795">CVE-2019-9795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9796">CVE-2019-9796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9810">CVE-2019-9810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9813">CVE-2019-9813</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-27T02:10:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:32:51Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-08.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-08.xml
@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-08">
+  <title>Subversion: Denial of Service</title>
+  <synopsis>A vulnerability in Subversion could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">subversion</product>
+  <announced>2019-04-02</announced>
+  <revised count="1">2019-04-02</revised>
+  <bug>676094</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-vcs/subversion" auto="yes" arch="*">
+      <unaffected range="ge">1.10.4</unaffected>
+      <vulnerable range="lt">1.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Subversion is a version control system intended to eventually replace
+      CVS. Like CVS, it has an optional client-server architecture (where the
+      server can be an Apache server running mod_svn, or an ssh program as in
+      CVS’s :ext: method). In addition to supporting the features found in
+      CVS, Subversion also provides support for moving and copying files and
+      directories.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Subversion’s mod_dav_svn, that could
+      lead to a Denial of Service Condition.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible enial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Subversion users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.10.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11803">CVE-2018-11803</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-22T00:07:51Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-02T04:35:47Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@ -1 +1 @@
-Thu, 28 Mar 2019 13:38:42 +0000
+Tue, 02 Apr 2019 14:38:45 +0000
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@ -1 +1 @@
-821df578dd1e4239ed7205c587587491907ef45c 1553739754 2019-03-28T02:22:34+00:00
+30de0bf9ee6986a07eef489491b435e55fc9cafe 1554179778 2019-04-02T04:36:18+00:00