From 1aea7a18e8730dd8c2719c4c21b504527413cd0b Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Mon, 9 Oct 2017 11:51:02 -0700
Subject: [PATCH] bump(metadata/glsa): sync with upstream

---
 .../metadata/glsa/glsa-201705-15.xml          |  15 ++-
 .../metadata/glsa/glsa-201710-01.xml          |  61 +++++++++++
 .../metadata/glsa/glsa-201710-02.xml          |  53 +++++++++
 .../metadata/glsa/glsa-201710-03.xml          |  59 ++++++++++
 .../metadata/glsa/glsa-201710-04.xml          |  52 +++++++++
 .../metadata/glsa/glsa-201710-05.xml          |  50 +++++++++
 .../metadata/glsa/glsa-201710-06.xml          | 101 ++++++++++++++++++
 .../metadata/glsa/glsa-201710-07.xml          |  54 ++++++++++
 .../metadata/glsa/glsa-201710-08.xml          |  56 ++++++++++
 .../metadata/glsa/glsa-201710-09.xml          |  66 ++++++++++++
 .../metadata/glsa/timestamp.chk               |   2 +-
 .../metadata/glsa/timestamp.commit            |   2 +-
 12 files changed, 564 insertions(+), 7 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-01.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-02.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-03.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-04.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-05.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-06.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-07.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-08.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-09.xml

diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml
index a7507152a4..ee01ba3b83 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml
@@ -5,13 +5,13 @@
   <synopsis>A vulnerability in sudo allows local users to gain root privileges.</synopsis>
   <product type="ebuild">sudo,privilege</product>
   <announced>2017-05-30</announced>
-  <revised>2017-05-30: 1</revised>
+  <revised>2017-10-07: 3</revised>
   <bug>620182</bug>
   <access>local</access>
   <affected>
     <package name="app-admin/sudo" auto="yes" arch="*">
-      <unaffected range="ge">1.8.20_p1</unaffected>
-      <vulnerable range="lt">1.8.20_p1</vulnerable>
+      <unaffected range="ge">1.8.20_p2</unaffected>
+      <vulnerable range="lt">1.8.20_p2</vulnerable>
     </package>
   </affected>
   <background>
@@ -27,6 +27,8 @@
       user-controlled, arbitrary tty device during its traversal of “/dev”
       by utilizing the world-writable /dev/shm.
     </p>
+    
+    <p>For further information, please see the Qualys Security Advisory</p>
   </description>
   <impact type="high">
     <p>A local attacker can pretend that his tty is any character device on the
@@ -43,7 +45,7 @@
     
     <code>
       # emerge --sync
-      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.20_p1"
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.20_p2"
     </code>
     
   </resolution>
@@ -51,7 +53,10 @@
     <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000367">
       CVE-2017-1000367
     </uri>
+    <uri link="https://www.qualys.com/2017/05/30/cve-2017-1000367/cve-2017-1000367.txt">
+      Qualys Security Advisory for CVE-2017-1000367
+    </uri>
   </references>
   <metadata tag="requester" timestamp="2017-05-30T07:27:08Z">K_F</metadata>
-  <metadata tag="submitter" timestamp="2017-05-30T15:17:59Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2017-10-07T14:23:55Z">K_F</metadata>
 </glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-01.xml
new file mode 100644
index 0000000000..4d79ea91fd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-01">
+  <title>RubyGems: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were found in RubyGems, the worst of which
+    allows execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">rubygems</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>629230</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-ruby/rubygems" auto="yes" arch="*">
+      <unaffected range="ge">2.6.13</unaffected>
+      <vulnerable range="lt">2.6.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>RubyGems is a sophisticated package manager for Ruby.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RubyGems. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to install a specially crafted
+      gem, could possibly execute arbitrary code with the privileges of the
+      process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RubyGems users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-ruby/rubygems-2.6.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0899">
+      CVE-2017-0899
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0900">
+      CVE-2017-0900
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0901">
+      CVE-2017-0901
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-0902">
+      CVE-2017-0902
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-03T14:54:42Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T12:53:26Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-02.xml
new file mode 100644
index 0000000000..f44b167e62
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-02.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-02">
+  <title>file: Stack-based buffer overflow</title>
+  <synopsis>A stack-based buffer overflow was found in file, possibly resulting
+    in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">file</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>629872</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/file" auto="yes" arch="*">
+      <unaffected range="ge">5.32</unaffected>
+      <vulnerable range="lt">5.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>file is a utility that guesses a file format by scanning binary data for
+      patterns.
+    </p>
+  </background>
+  <description>
+    <p>An issue discovered in file allows attackers to write 20 bytes to the
+      stack buffer via a specially crafted .notes section.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by using a specially crafted .notes section in an ELF
+      binary, could execute arbitrary code or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All file users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/file-5.32"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000249">
+      CVE-2017-1000249
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-29T23:38:45Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:26:24Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-03.xml
new file mode 100644
index 0000000000..d55c1d1f47
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-03.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-03">
+  <title>ICU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ICU, the worst of which
+    could allow remote code execution.
+  </synopsis>
+  <product type="ebuild">icu</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>616468</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/icu" auto="yes" arch="*">
+      <unaffected range="ge">58.2-r1</unaffected>
+      <vulnerable range="lt">58.2-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ICU is a mature, widely used set of C/C++ and Java libraries providing
+      Unicode and Globalization support for software applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ICU. Please review the
+      referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ICU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-58.2-r1"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7867">
+      CVE-2017-7867
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7868">
+      CVE-2017-7868
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-03T15:56:43Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:30:01Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-04.xml
new file mode 100644
index 0000000000..a6ad46e921
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-04.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-04">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>A vulnerability in sudo allows local users to gain root privileges.</synopsis>
+  <product type="ebuild">sudo</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>620482</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.20_p2</unaffected>
+      <vulnerable range="lt">1.8.20_p2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>The fix present in app-admin/sudo-1.8.20_p1 (GLSA 201705-15) was
+      incomplete as it did not address the problem of a command with a newline
+      in the name.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could execute arbitrary code with root privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.20_p2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000368">
+      CVE-2017-1000368
+    </uri>
+    <uri link="https://security.gentoo.org/glsa/201705-15">GLSA 201705-15</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-05T18:00:01Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:34:25Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-05.xml
new file mode 100644
index 0000000000..9fc4492741
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-05">
+  <title>Munin: Arbitrary file write</title>
+  <synopsis>A vulnerability in Munin allows local attackers to overwrite any
+    file accessible to the www-data user.
+  </synopsis>
+  <product type="ebuild">munin</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>610602</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-analyzer/munin" auto="yes" arch="*">
+      <unaffected range="ge">2.0.33</unaffected>
+      <vulnerable range="lt">2.0.33</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Munin is an open source server monitoring tool.</p>
+  </background>
+  <description>
+    <p>When Munin is compiled with CGI graphics enabled then the files
+      accessible to the www-data user can be overwritten.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker, by setting multiple upper_limit GET parameters, could
+      overwrite files accessible to the www-user.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Munin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/munin-2.0.33"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6188">
+      CVE-2017-6188
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-01T22:42:42Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:43:10Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-06.xml
new file mode 100644
index 0000000000..2ffbb73c66
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-06.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-06">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>618462</bug>
+  <bug>627462</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.6">9.6.4</unaffected>
+      <unaffected range="ge" slot="9.5">9.5.8</unaffected>
+      <unaffected range="ge" slot="9.4">9.4.13</unaffected>
+      <unaffected range="ge" slot="9.3">9.3.18</unaffected>
+      <unaffected range="ge" slot="9.2">9.2.22</unaffected>
+      <vulnerable range="lt">9.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could escalate privileges, cause a Denial of Service
+      condition, obtain passwords, cause a loss in information, or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.4"
+    </code>
+    
+    <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.8"
+    </code>
+    
+    <p>All PostgreSQL 9.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.4.13"
+    </code>
+    
+    <p>All PostgreSQL 9.3.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.3.18"
+    </code>
+    
+    <p>All PostgreSQL 9.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.2.22"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7484">
+      CVE-2017-7484
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7485">
+      CVE-2017-7485
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7486">
+      CVE-2017-7486
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7546">
+      CVE-2017-7546
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7547">
+      CVE-2017-7547
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7548">
+      CVE-2017-7548
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-02T06:12:53Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T13:55:26Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-07.xml
new file mode 100644
index 0000000000..8f01fb85b8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-07">
+  <title>OCaml: Privilege escalation</title>
+  <synopsis>A vulnerability in OCaml may allow local users to gain root
+    privileges.
+    
+  </synopsis>
+  <product type="ebuild">ocaml</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>622544</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/ocaml" auto="yes" arch="*">
+      <unaffected range="ge">4.04.2</unaffected>
+      <vulnerable range="lt">4.04.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OCaml is a high-level, strongly-typed, functional, and object-oriented
+      programming language from the ML family of languages.
+    </p>
+  </background>
+  <description>
+    <p>A bad sanitization of environment variables: CAML_CPLUGINS,
+      CAML_NATIVE_CPLUGINS and CAML_BYTE_CPLUGINS in the OCaml compiler allows
+      the execution of raised privileges via external code.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker, by using specially crafted environment variables,
+      could possibly escalate privileges to the root group.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OCaml users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/ocaml-4.04.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9772">
+      CVE-2017-9772
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-27T11:54:27Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T14:04:43Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-08.xml
new file mode 100644
index 0000000000..ea0a9f6277
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-08.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-08">
+  <title>Pacemaker: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Pacemaker, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">pacemaker</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>546550</bug>
+  <bug>599194</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-cluster/pacemaker" auto="yes" arch="*">
+      <unaffected range="ge">1.1.16 </unaffected>
+      <vulnerable range="lt">1.1.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pacemaker is an Open Source, High Availability resource manager suitable
+      for both small and large clusters.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Pacemaker. Please
+      review the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or a local attacker could
+      escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pacemaker users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-cluster/pacemaker-1.1.16 "
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1867">
+      CVE-2015-1867
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7035">
+      CVE-2016-7035
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-03T21:27:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T14:14:41Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-09.xml
new file mode 100644
index 0000000000..09e2c7dce9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-09.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-09">
+  <title>PCRE2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PCRE2, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libpcre2</product>
+  <announced>2017-10-08</announced>
+  <revised>2017-10-08: 1</revised>
+  <bug>614050</bug>
+  <bug>617942</bug>
+  <bug>617944</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre2" auto="yes" arch="*">
+      <unaffected range="ge">10.30</unaffected>
+      <vulnerable range="lt">10.30</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions)
+      which has a new and revised API.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PCRE2. Please review
+      the referenced CVE identifiers for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre2-10.30"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7186">
+      CVE-2017-7186
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8399">
+      CVE-2017-8399
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8786">
+      CVE-2017-8786
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-19T01:23:39Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-08T14:42:50Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index 4a930ded7f..4996685384 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 29 Sep 2017 17:39:27 +0000
+Mon, 09 Oct 2017 18:08:59 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
index de145b11d5..9a85e68140 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-612f47deca97e8d7ffc2100c1dbc82a602abdf39 1506632095 2017-09-28T20:54:55+00:00
+6563aef7bcf2b256b39e321f440df3efe76f81f4 1507473808 2017-10-08T14:43:28+00:00