portage-stable/metadata: Monthly GLSA metadata updates

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 540216 BLAKE2B d30aef090eaffb1f3ce91f96dfcc44f7a5d1a954885fba68126dee1aa21a3de740e45dd7106f5d3ba2b51e48eda29870b954e2a90cc8bfa9dc1ac93912daadef SHA512 f9ff42d8d58ea6e6bae5d32f95af7bcddc333ce0478d31cfefb14e85c8d99eaf4d3d9a0802c961e3f7e7d8f3696894cb1d1d0e81db3807d1796858a550f0351f
+MANIFEST Manifest.files.gz 546124 BLAKE2B b8c960a7f19f0cac8ea254b9330e3a1add1f4be28ff0a9b4020f5e68f250a6b511280b7dd1dec4e472c73320abae493b0ab8441075c681803abfb19ea280332e SHA512 0dccc4f920463740ab2803f55b50f1cf0df2af9d58750c12c98fe5963dc8738d5a3e8d6a895c2e0d3ba8230bb61557b6e88b4fa56b2f05f5697577b68a9413df
-TIMESTAMP 2023-05-02T07:09:55Z
+TIMESTAMP 2023-06-01T06:39:42Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRQt0NfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmR4PS5fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD2Fg/+P1LHHdbaCtEumGlsgXOdqMgwb2UVJgi8xWWNc2M4awOg8m2yFxf21PnT
+klAHGBAAhvLOFASJCw4R2lcPucKmYekFuZsNeQc6k51XTfI+eeP6fNiLV6nxCDxK
-hvscMkY3ndOFXn6hzaLCY87lv/725nxEqDoOm3tgL8hf1V6iCJIpokoHqHGr0RhI
+l/Swjoa1ynWIq9W09NsRHlfvX4x7f9k5A/F6b7JRCNbN60T7q4jOmuakaZrR9v88
-kz4uh2wd5g91yTUooLhtCAtWKckTTuqPgne/4NJc3zPeJbpgzlqcgLNP5srFEuTt
+0c3xKeaIS2J9KGiIBcioyXsMTSFexZbt2Ts/goUyca3KJUsX/fit6SnY8gI3Bmb3
-TwoTNt99iIwdpHjIRKu4ECZMEikFSmLft0Kc0mXjZnT5BPNOvhaWY26vRT/3ohQl
++aDc8VLbqX2kNsfCBWQNtMJmytrdzTqr1BeQmaTxYrLGuX52jHU3ecGFcF3tBYLV
-kekNv1MXHkBlc9AUUJ75VPxVeRtjJ3HKe5GgSg0QNSS+Aisl9bq/VGmWhS5UBcHs
+PBMTQfE4klf4qAcXWpOCpsa5RFtXolq/UkE43FoO8BUqHhkhc5OL4OjTeE9q6wc5
-K736CImufTLCLd2WvapwUGT7v4d/bVC/L+BhGnwZV5rTQ0uCaQ71zSB/vVJdsFVd
+Mcxg77Br7q5aWZZcR5rRwHj9LgVP8H78FmgdCY0RhGHg6EZ5eZNp+6OtzCkwI6et
-cE2Yzh/iKFvQw8AgIsrjcMG7xqJhw3/Auzb6/0Q+rQn3Efq0pR/1NMRkWvXCPBiJ
+n6z5rqSdER/1Z5vRPgmYgQ1i718XKiEkCQeTJraMD6AWJAjNTtu9eJA9Kz0Mplk+
-tj4U4X724O/VhVgOBrO+5IKrfQSj+p9KjmuxwQBQenf77MF+XfOleie6dwNQCf4X
+KV0ibpIr87aOxAs/FyCn5XibLSw3tAjMlalldpervMM9N4imzHdiHkVVCURCUAFM
-5L3b+q+GEvIrGok1+sXYLOoe+hL/RQpbVmk/HpSqSGR92pCe/DLYxUSp64k0rtaS
+TP4cq4B0QGTl+OUk83KQCo5LaKICd0YyB7dPETlMVMyl7RFdok4NxlS5LWTYFpOa
-CA9BKn5cV0FFd/jTBGckoV2hoF/HsE/vg3qYxvoOy/PN3e+gSa/ZT6GMsCJgHK3U
+fook5SuScNiA/U+iNguBqizJiNYsWzm2lBooiZjhXeMSKMtdsZiqLMULyd++Xbwb
-/AQ2NC8/dHPAW3wU/lonCqTPt03xUq/D1Ed0/NZ7kNovux+kGJ0=
+ajHbRoolz7wfTLtOXJtmsO1ELTs7K8jlmzGzbQAVH3rG9oyVAgY=
-=1Hre
+=SDuX
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202211-07.xml

@@ -5,13 +5,13 @@
     <synopsis>An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution.</synopsis>
     <product type="ebuild">sysstat</product>
     <announced>2022-11-22</announced>
-    <revised count="1">2022-11-22</revised>
+    <revised count="2">2023-05-29</revised>
     <bug>880543</bug>
     <access>local</access>
     <affected>
         <package name="app-admin/sysstat" auto="yes" arch="*">
-            <unaffected range="ge">12.7.1</unaffected>
+            <unaffected range="ge">12.6.2-r1</unaffected>
-            <vulnerable range="lt">12.7.1</vulnerable>
+            <vulnerable range="lt">12.6.2-r1</vulnerable>
         </package>
     </affected>
     <background>
@@ -31,7 +31,7 @@
         
         <code>
           # emerge --sync
-          # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.7.1"
+          # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"
         </code>
     </resolution>
     <references>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-01.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-01">
+    <title>AtomicParsley: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">atomicparsley,atomicparsley-wez</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>806845</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-video/atomicparsley" auto="yes" arch="*">
+            <unaffected range="ge">0.9.6_p20210715_p151551</unaffected>
+            <vulnerable range="lt">0.9.6_p20210715_p151551</vulnerable>
+        </package>
+        <package name="media-video/atomicparsley-wez" auto="yes" arch="*">
+            <vulnerable range="le">0.9.6</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>Users can pass only trusted input to AtomicParsley.</p>
+    </workaround>
+    <resolution>
+        <p>Previously, the "wez" AtomicParsley fork was packaged in Gentoo as media-video/atomicparsley-wez. This fork is now packaged as media-video/atomicparsley, so users of the fork's package should now depclean it:</p>
+        
+        <code>
+          # emerge --ask --depclean "media-video/atomicparsley-wez"
+        </code>
+        
+        <p>All AtomicParsley users should upgrade to the latest version, which is a packaging of the "wez" AtomicParsley fork:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-video/atomicparsley-0.9.6_p20210715_p151551"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37231">CVE-2021-37231</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37232">CVE-2021-37232</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:11:30.867104Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:11:30.873823Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-02.xml

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-02">
+    <title>Python, PyPy3: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">pypy3,python</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>880629</bug>
+    <bug>878385</bug>
+    <bug>877851</bug>
+    <bug>876815</bug>
+    <bug>864747</bug>
+    <bug>838250</bug>
+    <bug>835443</bug>
+    <bug>834533</bug>
+    <bug>787260</bug>
+    <bug>811165</bug>
+    <bug>793833</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="dev-lang/python" auto="yes" arch="*">
+            <unaffected range="ge" slot="3.8">3.8.15_p3</unaffected>
+            <unaffected range="ge" slot="3.9">3.9.15_p3</unaffected>
+            <unaffected range="ge" slot="3.10">3.10.8_p3</unaffected>
+            <unaffected range="ge" slot="3.11">3.11.0_p2</unaffected>
+            <unaffected range="ge" slot="12">3.12.0_alpha1_p2</unaffected>
+            <vulnerable range="lt" slot="3.8">3.8.15_p3</vulnerable>
+            <vulnerable range="lt" slot="3.9">3.9.15_p3</vulnerable>
+            <vulnerable range="lt" slot="3.10">3.10.8_p3</vulnerable>
+            <vulnerable range="lt" slot="3.11">3.11.0_p2</vulnerable>
+            <vulnerable range="lt" slot="12">3.12.0_alpha1_p2</vulnerable>
+        </package>
+        <package name="dev-python/pypy3" auto="yes" arch="*">
+            <unaffected range="ge">7.3.9_p9</unaffected>
+            <vulnerable range="lt">7.3.9_p9</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Python is an interpreted, interactive, object-oriented, cross-platform programming language.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Python and PyPy3. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Python 3.8 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.15_p3:3.8"
+        </code>
+        
+        <p>All Python 3.9 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.15_p3:3.9"
+        </code>
+        
+        <p>All Python 3.10 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.8_p3:3.10"
+        </code>
+        
+        <p>All Python 3.11 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.0_p2:3.11"
+        </code>
+        
+        <p>All Python 3.12 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.0_alpha1_p2"
+        </code>
+        
+        <p>All PyPy3 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.9_p9"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2015-20107">CVE-2015-20107</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3654">CVE-2021-3654</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28363">CVE-2021-28363</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28861">CVE-2021-28861</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29921">CVE-2021-29921</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0391">CVE-2022-0391</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37454">CVE-2022-37454</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42919">CVE-2022-42919</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45061">CVE-2022-45061</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:12:43.325618Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:12:43.330732Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-03.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-03">
+    <title>ProFTPd: Memory Disclosure</title>
+    <synopsis>A vulnerability has been discovered in ProFTPd which could result in memory disclosure.</synopsis>
+    <product type="ebuild">proftpd</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>811495</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-ftp/proftpd" auto="yes" arch="*">
+            <unaffected range="ge">1.3.7c</unaffected>
+            <vulnerable range="lt">1.3.7c</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>ProFTPD is an advanced and very configurable FTP server.</p>
+    </background>
+    <description>
+        <p>ProFTPd unconditionally sends passwords to Radius servers for authentication in multiples of 16 bytes. If a password is not of a length that is a multiple of 16 bytes, ProFTPd will read beyond the end of the password string and send bytes beyond the end of the string buffer.</p>
+    </description>
+    <impact type="low">
+        <p>Radius servers used for authentication can receive the contents of the ProFTPd process&#39; memory.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All ProFTPd users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.7c"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46854">CVE-2021-46854</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:13:03.619655Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:13:03.623017Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-04.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-04">
+    <title>dbus-broker: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in dbus-broker, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">dbus-broker</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>851696</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-apps/dbus-broker" auto="yes" arch="*">
+            <unaffected range="ge">31</unaffected>
+            <vulnerable range="lt">31</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>dbus-broker is a Linux D-Bus message broker.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All dbus-broker users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/dbus-broker-31"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31212">CVE-2022-31212</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31213">CVE-2022-31213</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:13:30.551831Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:13:30.556193Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-05.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-05">
+    <title>xfce4-settings: Browser Argument Injection</title>
+    <synopsis>A vulnerability has been discovered in xfce4-settings which could result in universal cross site scripting (&#34;uXSS&#34;).</synopsis>
+    <product type="ebuild">xfce4-settings</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>880257</bug>
+    <access>remote</access>
+    <affected>
+        <package name="xfce-base/xfce4-settings" auto="yes" arch="*">
+            <unaffected range="ge">4.17.1</unaffected>
+            <vulnerable range="lt">4.17.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>xfce4-settings contains the configuration system for the Xfce desktop environment.</p>
+    </background>
+    <description>
+        <p>xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool (which is called when a user clicks a link in e.g. Firefox).</p>
+    </description>
+    <impact type="normal">
+        <p>The vulnerability can be leveraged into 1-click universal cross site scripting in some browsers, or potentially other unspecified impact.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All xfce4-settings users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=xfce-base/xfce4-settings-4.17.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45062">CVE-2022-45062</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:14:46.477138Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:14:46.480051Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-06.xml

@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-06">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>885813</bug>
+    <bug>891213</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="esr">102.7.0</unaffected>
+            <unaffected range="ge" slot="rapid">109.0</unaffected>
+            <vulnerable range="lt" slot="esr">102.7.0</vulnerable>
+            <vulnerable range="lt" slot="rapid">109.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="esr">102.7.0</unaffected>
+            <unaffected range="ge" slot="rapid">109.0</unaffected>
+            <vulnerable range="lt" slot="esr">102.7.0</vulnerable>
+            <vulnerable range="lt" slot="rapid">109.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.7.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-102.7.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-109.0:rapid"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-109.0:rapid"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46871">CVE-2022-46871</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46872">CVE-2022-46872</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46873">CVE-2022-46873</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46874">CVE-2022-46874</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46875">CVE-2022-46875</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46877">CVE-2022-46877</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46878">CVE-2022-46878</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46879">CVE-2022-46879</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46880">CVE-2022-46880</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46881">CVE-2022-46881</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46882">CVE-2022-46882</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23597">CVE-2023-23597</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23598">CVE-2023-23598</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23599">CVE-2023-23599</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23600">CVE-2023-23600</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23601">CVE-2023-23601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23602">CVE-2023-23602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23603">CVE-2023-23603</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23604">CVE-2023-23604</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23605">CVE-2023-23605</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23606">CVE-2023-23606</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:15:03.866930Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:15:03.869869Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-07.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-07">
+    <title>slixmpp: Insufficient Certificate Validation</title>
+    <synopsis>A vulnerability has been discovered in slixmpp which can result in successful man-in-the-middle attacks.</synopsis>
+    <product type="ebuild">slixmpp</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>881181</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/slixmpp" auto="yes" arch="*">
+            <unaffected range="ge">1.8.3</unaffected>
+            <vulnerable range="lt">1.8.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>slixmpp is a Python 3 library for XMPP.</p>
+    </background>
+    <description>
+        <p>slixmpp does not validate hostnames in certificates used by connected servers.</p>
+    </description>
+    <impact type="low">
+        <p>An attacker could perform a man-in-the-middle attack on users&#39; connections to servers with slixmpp.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All slixmpp users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --upgrade --verbose ">=dev-python/slixmpp-1.8.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45197">CVE-2022-45197</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:47:07.895475Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:47:07.900775Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-08.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-08">
+    <title>D-Bus: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in D-Bus, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">dbus</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>875518</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-apps/dbus" auto="yes" arch="*">
+            <unaffected range="ge">1.14.4</unaffected>
+            <vulnerable range="lt">1.14.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>D-Bus is a daemon providing a framework for applications to communicate with one another.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All D-Bus users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.14.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42010">CVE-2022-42010</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42011">CVE-2022-42011</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42012">CVE-2022-42012</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:52:25.396421Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:52:25.399162Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-09.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-09">
+    <title>syslog-ng: Denial of Service</title>
+    <synopsis>A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.</synopsis>
+    <product type="ebuild">syslog-ng</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>891941</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/syslog-ng" auto="yes" arch="*">
+            <unaffected range="ge">3.38.1</unaffected>
+            <vulnerable range="lt">3.38.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>syslog replacement with advanced filtering features.</p>
+    </background>
+    <description>
+        <p>An integer overflow in the RFC3164 parser allows remote attackers to cause a denial of service via crafted syslog input that is mishandled by the tcp or network function.</p>
+    </description>
+    <impact type="normal">
+        <p>Attackers with access to input syslogs over syslog-ng&#39;s network functionality can cause a denial of service.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All syslog-ng users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.38.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38725">CVE-2022-38725</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:52:45.897422Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:52:45.899984Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-10.xml

@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-10">
+    <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
+    <product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>876855</bug>
+    <bug>878825</bug>
+    <bug>883031</bug>
+    <bug>883697</bug>
+    <bug>885851</bug>
+    <bug>890726</bug>
+    <bug>886479</bug>
+    <bug>890728</bug>
+    <bug>891501</bug>
+    <bug>891503</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/chromium" auto="yes" arch="*">
+            <unaffected range="ge">109.0.5414.74-r1</unaffected>
+            <vulnerable range="lt">109.0.5414.74-r1</vulnerable>
+        </package>
+        <package name="www-client/chromium-bin" auto="yes" arch="*">
+            <unaffected range="ge">109.0.5414.74</unaffected>
+            <vulnerable range="lt">109.0.5414.74</vulnerable>
+        </package>
+        <package name="www-client/google-chrome" auto="yes" arch="*">
+            <unaffected range="ge">109.0.5414.74</unaffected>
+            <vulnerable range="lt">109.0.5414.74</vulnerable>
+        </package>
+        <package name="www-client/microsoft-edge" auto="yes" arch="*">
+            <unaffected range="ge">109.0.1518.61</unaffected>
+            <vulnerable range="lt">109.0.1518.61</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
+
+Google Chrome is one fast, simple, and secure browser for all your devices.
+
+Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Chromium, Google Chrome, Microsoft Edge. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Chromium users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/chromium-109.0.5414.74-r1"
+        </code>
+        
+        <p>All Chromium binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-109.0.5414.74"
+        </code>
+        
+        <p>All Google Chrome users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/google-chrome-109.0.5414.74"
+        </code>
+        
+        <p>All Microsoft Edge users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-109.0.1518.61"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3445">CVE-2022-3445</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3446">CVE-2022-3446</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3447">CVE-2022-3447</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3448">CVE-2022-3448</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3449">CVE-2022-3449</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3450">CVE-2022-3450</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3723">CVE-2022-3723</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4135">CVE-2022-4135</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4174">CVE-2022-4174</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4175">CVE-2022-4175</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4176">CVE-2022-4176</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4177">CVE-2022-4177</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4178">CVE-2022-4178</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4179">CVE-2022-4179</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4180">CVE-2022-4180</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4181">CVE-2022-4181</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4182">CVE-2022-4182</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4183">CVE-2022-4183</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4184">CVE-2022-4184</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4185">CVE-2022-4185</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4186">CVE-2022-4186</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4187">CVE-2022-4187</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4188">CVE-2022-4188</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4189">CVE-2022-4189</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4190">CVE-2022-4190</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4191">CVE-2022-4191</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4192">CVE-2022-4192</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4193">CVE-2022-4193</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4194">CVE-2022-4194</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4195">CVE-2022-4195</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4436">CVE-2022-4436</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4437">CVE-2022-4437</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4438">CVE-2022-4438</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4439">CVE-2022-4439</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4440">CVE-2022-4440</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41115">CVE-2022-41115</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44688">CVE-2022-44688</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44708">CVE-2022-44708</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0128">CVE-2023-0128</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0129">CVE-2023-0129</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0130">CVE-2023-0130</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0131">CVE-2023-0131</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0132">CVE-2023-0132</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0133">CVE-2023-0133</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0134">CVE-2023-0134</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0135">CVE-2023-0135</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0136">CVE-2023-0136</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0137">CVE-2023-0137</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0138">CVE-2023-0138</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0139">CVE-2023-0139</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0140">CVE-2023-0140</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0141">CVE-2023-0141</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21719">CVE-2023-21719</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21775">CVE-2023-21775</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21795">CVE-2023-21795</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21796">CVE-2023-21796</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:53:05.056143Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:53:05.059084Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-11.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-11">
+    <title>Tor: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">tor</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>808681</bug>
+    <bug>852821</bug>
+    <bug>890618</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-vpn/tor" auto="yes" arch="*">
+            <unaffected range="ge">0.4.7.13</unaffected>
+            <vulnerable range="lt">0.4.7.13</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Tor users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.7.13"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38385">CVE-2021-38385</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33903">CVE-2022-33903</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23589">CVE-2023-23589</uri>
+        <uri>TROVE-2021-007</uri>
+        <uri>TROVE-2022-001</uri>
+        <uri>TROVE-2022-002</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:53:19.845731Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:53:19.850253Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-12.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-12">
+    <title>sudo: Root Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in sudo which could result in root privilege escalation.</synopsis>
+    <product type="ebuild">sudo</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>891335</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/sudo" auto="yes" arch="*">
+            <unaffected range="ge">1.9.12_p2</unaffected>
+            <vulnerable range="lt">1.9.12_p2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>sudo allows a system administrator to give users the ability to run commands as other users.</p>
+    </background>
+    <description>
+        <p>The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.</p>
+    </description>
+    <impact type="high">
+        <p>The improper processing of user&#39;s environment variables could lead to the editing of arbitrary files as root, potentially leading to root privilege escalation.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All sudo users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12_p2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22809">CVE-2023-22809</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T09:53:34.200622Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T09:53:34.205155Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-13.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-13">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>885815</bug>
+    <bug>891217</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">102.7.0</unaffected>
+            <vulnerable range="lt">102.7.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">102.7.0</unaffected>
+            <vulnerable range="lt">102.7.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.7.0"
+        </code>
+        
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.7.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46871">CVE-2022-46871</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46872">CVE-2022-46872</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46874">CVE-2022-46874</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46875">CVE-2022-46875</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46877">CVE-2022-46877</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46878">CVE-2022-46878</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46880">CVE-2022-46880</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46881">CVE-2022-46881</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46882">CVE-2022-46882</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23598">CVE-2023-23598</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23599">CVE-2023-23599</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23601">CVE-2023-23601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23602">CVE-2023-23602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23603">CVE-2023-23603</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23605">CVE-2023-23605</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:03:08.414596Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:03:08.419037Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-14.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-14">
+    <title>uptimed: Root Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in uptimed which could result in root privilege escalation.</synopsis>
+    <product type="ebuild">uptimed</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>630810</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-misc/uptimed" auto="yes" arch="*">
+            <unaffected range="ge">0.4.6-r1</unaffected>
+            <vulnerable range="lt">0.4.6-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>uptimed is a system uptime record daemon that keeps track of your highest uptimes.</p>
+    </background>
+    <description>
+        <p>Via unnecessary file ownership modifications in the pkg_postinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time.</p>
+    </description>
+    <impact type="high">
+        <p>The uptimed user could achieve root privileges when the uptimed package is emerged.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All uptimed users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-misc/uptimed-0.4.6-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36657">CVE-2020-36657</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:03:26.877508Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:03:26.880820Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-15.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-15">
+    <title>systemd: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in systemd, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">systemd,systemd-tmpfiles,systemd-utils,udev</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>880547</bug>
+    <bug>830967</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-apps/systemd" auto="yes" arch="*">
+            <unaffected range="ge">251.3</unaffected>
+            <vulnerable range="lt">251.3</vulnerable>
+        </package>
+        <package name="sys-apps/systemd-tmpfiles" auto="yes" arch="*">
+            <vulnerable range="lt">250</vulnerable>
+        </package>
+        <package name="sys-apps/systemd-utils" auto="yes" arch="*">
+            <unaffected range="ge">251.3</unaffected>
+            <vulnerable range="lt">251.3</vulnerable>
+        </package>
+        <package name="sys-fs/udev" auto="yes" arch="*">
+            <vulnerable range="lt">250</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>A system and service manager.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All systemd users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/systemd-251.3"
+        </code>
+        
+        <p>All systemd-utils users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/systemd-utils-251.3"
+        </code>
+        
+        <p>Gentoo has discontinued support for sys-apps/systemd-tmpfiles, sys-boot/systemd-boot, and sys-fs/udev. See the 2022-04-19-systemd-utils news item. Users should unmerge it in favor of sys-apps/systemd-utils on non-systemd systems:</p>
+        
+        <code>
+          # emerge --ask --depclean --verbose "sys-apps/systemd-tmpfiles" "sys-boot/systemd-boot" "sys-fs/udev"
+          # emerge --ask --verbose --oneshot ">=sys-apps/systemd-utils-251.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3997">CVE-2021-3997</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3821">CVE-2022-3821</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:03:45.135890Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:03:45.140859Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-16.xml

@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-16">
+    <title>Vim, gVim: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">gvim,vim,vim-core</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>851231</bug>
+    <bug>861092</bug>
+    <bug>869359</bug>
+    <bug>879257</bug>
+    <bug>883681</bug>
+    <bug>889730</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-editors/gvim" auto="yes" arch="*">
+            <unaffected range="ge">9.0.1157</unaffected>
+            <vulnerable range="lt">9.0.1157</vulnerable>
+        </package>
+        <package name="app-editors/vim" auto="yes" arch="*">
+            <unaffected range="ge">9.0.1157</unaffected>
+            <vulnerable range="lt">9.0.1157</vulnerable>
+        </package>
+        <package name="app-editors/vim-core" auto="yes" arch="*">
+            <unaffected range="ge">9.0.1157</unaffected>
+            <vulnerable range="lt">9.0.1157</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Vim users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"
+        </code>
+        
+        <p>All gVim users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"
+        </code>
+        
+        <p>All vim-core users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1154">CVE-2022-1154</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1160">CVE-2022-1160</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1381">CVE-2022-1381</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1420">CVE-2022-1420</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1616">CVE-2022-1616</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1619">CVE-2022-1619</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1620">CVE-2022-1620</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1621">CVE-2022-1621</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1629">CVE-2022-1629</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1674">CVE-2022-1674</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1720">CVE-2022-1720</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1725">CVE-2022-1725</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1733">CVE-2022-1733</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1735">CVE-2022-1735</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1769">CVE-2022-1769</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1771">CVE-2022-1771</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1785">CVE-2022-1785</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1796">CVE-2022-1796</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1851">CVE-2022-1851</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1886">CVE-2022-1886</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1897">CVE-2022-1897</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1898">CVE-2022-1898</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1927">CVE-2022-1927</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1942">CVE-2022-1942</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1968">CVE-2022-1968</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2000">CVE-2022-2000</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2042">CVE-2022-2042</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2124">CVE-2022-2124</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2125">CVE-2022-2125</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2126">CVE-2022-2126</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2129">CVE-2022-2129</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2175">CVE-2022-2175</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2182">CVE-2022-2182</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2183">CVE-2022-2183</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2206">CVE-2022-2206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2207">CVE-2022-2207</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2208">CVE-2022-2208</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2210">CVE-2022-2210</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2231">CVE-2022-2231</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2257">CVE-2022-2257</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2264">CVE-2022-2264</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2284">CVE-2022-2284</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2285">CVE-2022-2285</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2286">CVE-2022-2286</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2287">CVE-2022-2287</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2288">CVE-2022-2288</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2289">CVE-2022-2289</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2304">CVE-2022-2304</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2343">CVE-2022-2343</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2344">CVE-2022-2344</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2345">CVE-2022-2345</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2522">CVE-2022-2522</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2816">CVE-2022-2816</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2817">CVE-2022-2817</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2819">CVE-2022-2819</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2845">CVE-2022-2845</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2849">CVE-2022-2849</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2862">CVE-2022-2862</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2874">CVE-2022-2874</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2889">CVE-2022-2889</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2923">CVE-2022-2923</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2946">CVE-2022-2946</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2980">CVE-2022-2980</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2982">CVE-2022-2982</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3016">CVE-2022-3016</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3099">CVE-2022-3099</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3134">CVE-2022-3134</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3153">CVE-2022-3153</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3234">CVE-2022-3234</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3235">CVE-2022-3235</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3256">CVE-2022-3256</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3278">CVE-2022-3278</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3296">CVE-2022-3296</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3297">CVE-2022-3297</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3324">CVE-2022-3324</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3352">CVE-2022-3352</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3491">CVE-2022-3491</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3520">CVE-2022-3520</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3591">CVE-2022-3591</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3705">CVE-2022-3705</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4141">CVE-2022-4141</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4292">CVE-2022-4292</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4293">CVE-2022-4293</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47024">CVE-2022-47024</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0049">CVE-2023-0049</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0051">CVE-2023-0051</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0054">CVE-2023-0054</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:03:57.350349Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:03:57.353137Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-17.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-17">
+    <title>libsdl: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">libsdl</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>692388</bug>
+    <bug>836665</bug>
+    <bug>861809</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libsdl" auto="yes" arch="*">
+            <unaffected range="ge">1.2.15_p20221201</unaffected>
+            <vulnerable range="lt">1.2.15_p20221201</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in SDL. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libsdl users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libsdl-1.2.15_p20221201"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13616">CVE-2019-13616</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33657">CVE-2021-33657</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34568">CVE-2022-34568</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:04:10.572876Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:04:10.575693Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-18.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-18">
+    <title>libsdl2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">libsdl2</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>836665</bug>
+    <bug>890614</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libsdl2" auto="yes" arch="*">
+            <unaffected range="ge">2.26.0</unaffected>
+            <vulnerable range="lt">2.26.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in libsdl2. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libsdl2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.26.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33657">CVE-2021-33657</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4743">CVE-2022-4743</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:04:24.467262Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:04:24.470744Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-19.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-19">
+    <title>Firejail: Local Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in Firejail which could result in local root privilege escalation.</synopsis>
+    <product type="ebuild">firejail,firejail-lts</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>850748</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-apps/firejail" auto="yes" arch="*">
+            <unaffected range="ge">0.9.70</unaffected>
+            <vulnerable range="lt">0.9.70</vulnerable>
+        </package>
+        <package name="sys-apps/firejail-lts" auto="yes" arch="*">
+            <vulnerable range="le">0.9.56.2-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.</p>
+    </background>
+    <description>
+        <p>Firejail does not sufficiently validate the user&#39;s environment prior to using it as the root user when using the --join command line option.</p>
+    </description>
+    <impact type="normal">
+        <p>An unprivileged user can exploit this vulnerability to achieve local root privileges.</p>
+    </impact>
+    <workaround>
+        <p>System administrators can mitigate this vulnerability via adding either &#34;force-nonewprivs yes&#34; or &#34;join no&#34; to the Firejail configuration file in /etc/firejail/firejail.config.</p>
+    </workaround>
+    <resolution>
+        <p>Gentoo has discontinued support for sys-apps/firejail-lts. Users should unmerge it in favor of sys-apps/firejail:</p>
+        
+        <code>
+          # emerge --ask --depclean --verbose "sys-apps/firejail-lts"
+          # emerge --ask --verbose "sys-apps/firejail"
+        </code>
+        
+        <p>All Firejail users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31214">CVE-2022-31214</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:04:36.994181Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:04:36.999752Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-20.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-20">
+    <title>libapreq2: Buffer Overflow</title>
+    <synopsis>A buffer overflow vulnerability has been discovered in libapreq2 which could result in denial of service.</synopsis>
+    <product type="ebuild">libapreq2</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>866536</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-apache/libapreq2" auto="yes" arch="*">
+            <unaffected range="ge">2.17</unaffected>
+            <vulnerable range="lt">2.17</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libapreq is a shared library with associated modules for manipulating client request data via the Apache API.</p>
+    </background>
+    <description>
+        <p>A buffer overflow could occur when processing multipart form uploads.</p>
+    </description>
+    <impact type="low">
+        <p>An attacker could submit a crafted multipart form to trigger the buffer overflow and cause a denial of service.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libapreq2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22728">CVE-2022-22728</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:05:03.532537Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:05:03.535300Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-21.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-21">
+    <title>Cairo: Buffer Overflow Vulnerability</title>
+    <synopsis>A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.</synopsis>
+    <product type="ebuild">cairo</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>777123</bug>
+    <access>remote</access>
+    <affected>
+        <package name="x11-libs/cairo" auto="yes" arch="*">
+            <unaffected range="ge">1.17.6</unaffected>
+            <vulnerable range="lt">1.17.6</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Cairo is a 2D vector graphics library with cross-device output support.</p>
+    </background>
+    <description>
+        <p>An attacker with the ability to provide input to Cairo&#39;s image-compositor can cause a buffer overwrite.</p>
+    </description>
+    <impact type="normal">
+        <p>Malicious input to Cairo&#39;s image-compositor can result in denial of service of the application using such Cairo functionality.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Cairo users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.17.6"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35492">CVE-2020-35492</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:32:09.444977Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:32:09.447930Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-22.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-22">
+    <title>ISC DHCP: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">dhcp</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>875521</bug>
+    <bug>792324</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/dhcp" auto="yes" arch="*">
+            <unaffected range="ge">4.4.3_p1</unaffected>
+            <vulnerable range="lt">4.4.3_p1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>ISC DHCP is ISC&#39;s reference implementation of all aspects of the Dynamic Host Configuration Protocol.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All ISC DHCP users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25217">CVE-2021-25217</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2928">CVE-2022-2928</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2929">CVE-2022-2929</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:32:25.223781Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:32:25.226672Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-23.xml

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-23">
+    <title>Lua: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Lua, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">lua</product>
+    <announced>2023-05-03</announced>
+    <revised count="1">2023-05-03</revised>
+    <bug>837521</bug>
+    <bug>831053</bug>
+    <bug>520480</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-lang/lua" auto="yes" arch="*">
+            <unaffected range="ge" slot="5.4">5.4.4-r103</unaffected>
+            <unaffected range="ge" slot="5.2">5.2.3</unaffected>
+            <unaffected range="ge" slot="5.1">5.1.5-r200</unaffected>
+            <vulnerable range="lt" slot="5.4">5.4.4-r103</vulnerable>
+            <vulnerable range="lt" slot="5.2">5.2.3</vulnerable>
+            <vulnerable range="lt" slot="5.1">5.1.5-r200</vulnerable>
+            <vulnerable range="le" slot="0">5.1.5-r4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Lua. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Lua 5.1 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.1.5-r200"
+        </code>
+        
+        <p>All Lua 5.3 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.2.3"
+        </code>
+        
+        <p>All Lua 5.4 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.4.4-r103"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5461">CVE-2014-5461</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44647">CVE-2021-44647</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28805">CVE-2022-28805</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-03T10:32:55.745234Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-03T10:32:55.751034Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-24.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-24">
+    <title>MediaWiki: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">mediawiki</product>
+    <announced>2023-05-21</announced>
+    <revised count="1">2023-05-21</revised>
+    <bug>815376</bug>
+    <bug>829302</bug>
+    <bug>836430</bug>
+    <bug>855965</bug>
+    <bug>873385</bug>
+    <bug>888041</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-apps/mediawiki" auto="yes" arch="*">
+            <unaffected range="ge">1.38.5</unaffected>
+            <vulnerable range="lt">1.38.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>MediaWiki is a collaborative editing software, used by big projects like Wikipedia.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All MediaWiki users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.38.5"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41798">CVE-2021-41798</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41799">CVE-2021-41799</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41800">CVE-2021-41800</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44854">CVE-2021-44854</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44855">CVE-2021-44855</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44856">CVE-2021-44856</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44857">CVE-2021-44857</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44858">CVE-2021-44858</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45038">CVE-2021-45038</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28202">CVE-2022-28202</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28205">CVE-2022-28205</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28206">CVE-2022-28206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28209">CVE-2022-28209</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31090">CVE-2022-31090</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31091">CVE-2022-31091</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34911">CVE-2022-34911</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34912">CVE-2022-34912</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41765">CVE-2022-41765</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41766">CVE-2022-41766</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41767">CVE-2022-41767</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47927">CVE-2022-47927</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-21T19:43:14.271112Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-21T19:43:14.304418Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-25.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-25">
+    <title>OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF.</synopsis>
+    <product type="ebuild">modsecurity-crs</product>
+    <announced>2023-05-21</announced>
+    <revised count="1">2023-05-21</revised>
+    <bug>822003</bug>
+    <bug>872077</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-apache/modsecurity-crs" auto="yes" arch="*">
+            <unaffected range="ge">3.3.4</unaffected>
+            <vulnerable range="lt">3.3.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OWASP ModSecurity Core Rule Set users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-apache/modsecurity-crs-3.3.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35368">CVE-2021-35368</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39955">CVE-2022-39955</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39956">CVE-2022-39956</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39957">CVE-2022-39957</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39958">CVE-2022-39958</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-21T19:43:55.477807Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-21T19:43:55.481401Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-26.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-26">
+    <title>LibreCAD: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">librecad</product>
+    <announced>2023-05-21</announced>
+    <revised count="1">2023-05-21</revised>
+    <bug>825362</bug>
+    <bug>832210</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-gfx/librecad" auto="yes" arch="*">
+            <unaffected range="ge">2.1.3-r7</unaffected>
+            <vulnerable range="lt">2.1.3-r7</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>LibreCAD is a generic 2D CAD program.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All LibreCAD users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-gfx/librecad-2.1.3-r7"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21898">CVE-2021-21898</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21899">CVE-2021-21899</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21900">CVE-2021-21900</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45341">CVE-2021-45341</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45342">CVE-2021-45342</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45343">CVE-2021-45343</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-21T19:44:16.481147Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-21T19:44:16.483443Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-27.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-27">
+    <title>Tinyproxy: Memory Disclosure</title>
+    <synopsis>A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure.</synopsis>
+    <product type="ebuild">tinyproxy</product>
+    <announced>2023-05-21</announced>
+    <revised count="1">2023-05-21</revised>
+    <bug>871924</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-proxy/tinyproxy" auto="yes" arch="*">
+            <unaffected range="ge">1.11.1_p20220908</unaffected>
+            <vulnerable range="lt">1.11.1_p20220908</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.</p>
+    </background>
+    <description>
+        <p>Tinyproxy&#39;s request processing does not sufficiently null-initialize variables used in error pages.</p>
+    </description>
+    <impact type="low">
+        <p>Contents of the Tinyproxy server&#39;s memory could be disclosed via generated error pages.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Tinyproxy users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40468">CVE-2022-40468</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-21T19:44:29.410959Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-21T19:44:29.417842Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-28.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-28">
+    <title>snakeyaml: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in snakeyaml, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">snakeyaml</product>
+    <announced>2023-05-21</announced>
+    <revised count="1">2023-05-21</revised>
+    <bug>776796</bug>
+    <bug>868621</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-java/snakeyaml" auto="yes" arch="*">
+            <unaffected range="ge">1.33</unaffected>
+            <vulnerable range="lt">1.33</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>snakeyaml is a YAML 1.1 parser and emitter for Java.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in snakeyaml. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All snakeyaml users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/snakeyaml-1.33"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18640">CVE-2017-18640</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38749">CVE-2022-38749</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38750">CVE-2022-38750</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38751">CVE-2022-38751</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38752">CVE-2022-38752</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-21T19:44:41.839877Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-21T19:44:41.842236Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-29.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-29">
+    <title>squashfs-tools: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in squashfs-tools, the worst of which can result in an arbitrary file write.</synopsis>
+    <product type="ebuild">squashfs-tools</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>810706</bug>
+    <bug>813654</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-fs/squashfs-tools" auto="yes" arch="*">
+            <unaffected range="ge">4.5_p20210914</unaffected>
+            <vulnerable range="lt">4.5_p20210914</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in squashfs-tools. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All squashfs-tools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-fs/squashfs-tools-4.5_p20210914"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40153">CVE-2021-40153</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41072">CVE-2021-41072</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T02:54:28.530142Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T02:54:28.552180Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-30.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-30">
+    <title>X.Org X server, XWayland: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.</synopsis>
+    <product type="ebuild">xorg-server,xwayland</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>829208</bug>
+    <bug>877459</bug>
+    <bug>885825</bug>
+    <bug>893438</bug>
+    <bug>903547</bug>
+    <access>remote</access>
+    <affected>
+        <package name="x11-base/xorg-server" auto="yes" arch="*">
+            <unaffected range="ge">21.1.8</unaffected>
+            <vulnerable range="lt">21.1.8</vulnerable>
+        </package>
+        <package name="x11-base/xwayland" auto="yes" arch="*">
+            <unaffected range="ge">23.1.1</unaffected>
+            <vulnerable range="lt">23.1.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The X Window System is a graphical windowing system based on a client/server model.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All X.Org X server users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.8"
+        </code>
+        
+        <p>All XWayland users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.1.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4008">CVE-2021-4008</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4009">CVE-2021-4009</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4010">CVE-2021-4010</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4011">CVE-2021-4011</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3550">CVE-2022-3550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3551">CVE-2022-3551</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3553">CVE-2022-3553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4283">CVE-2022-4283</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46283">CVE-2022-46283</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46340">CVE-2022-46340</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46341">CVE-2022-46341</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46342">CVE-2022-46342</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46343">CVE-2022-46343</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46344">CVE-2022-46344</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0494">CVE-2023-0494</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1393">CVE-2023-1393</uri>
+        <uri>ZDI-CAN-19596</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T02:54:51.090310Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T02:54:51.098055Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-31.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-31">
+    <title>LibTIFF: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">tiff</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>891839</bug>
+    <bug>895900</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/tiff" auto="yes" arch="*">
+            <unaffected range="ge">4.5.0-r2</unaffected>
+            <vulnerable range="lt">4.5.0-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All LibTIFF users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.5.0-r2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48281">CVE-2022-48281</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0795">CVE-2023-0795</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0796">CVE-2023-0796</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0797">CVE-2023-0797</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0798">CVE-2023-0798</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0799">CVE-2023-0799</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0800">CVE-2023-0800</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0801">CVE-2023-0801</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0802">CVE-2023-0802</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0803">CVE-2023-0803</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0804">CVE-2023-0804</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:01:32.709725Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:01:32.715272Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-32.xml

@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-32">
+    <title>WebKitGTK+: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">webkit-gtk</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>871732</bug>
+    <bug>879571</bug>
+    <bug>888563</bug>
+    <bug>905346</bug>
+    <bug>905349</bug>
+    <bug>905351</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+            <unaffected range="ge">2.40.1</unaffected>
+            <vulnerable range="lt">2.40.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32885">CVE-2022-32885</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32886">CVE-2022-32886</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32888">CVE-2022-32888</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32891">CVE-2022-32891</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32923">CVE-2022-32923</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42799">CVE-2022-42799</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42823">CVE-2022-42823</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42824">CVE-2022-42824</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42826">CVE-2022-42826</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42852">CVE-2022-42852</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42856">CVE-2022-42856</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42863">CVE-2022-42863</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42867">CVE-2022-42867</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46691">CVE-2022-46691</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46692">CVE-2022-46692</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46698">CVE-2022-46698</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46699">CVE-2022-46699</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46700">CVE-2022-46700</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23517">CVE-2023-23517</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23518">CVE-2023-23518</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23529">CVE-2023-23529</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25358">CVE-2023-25358</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25360">CVE-2023-25360</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25361">CVE-2023-25361</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25362">CVE-2023-25362</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25363">CVE-2023-25363</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-27932">CVE-2023-27932</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-27954">CVE-2023-27954</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28205">CVE-2023-28205</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2022-0009.html">WSA-2022-0009</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2022-0010.html">WSA-2022-0010</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2023-0001.html">WSA-2023-0001</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2023-0002.html">WSA-2023-0002</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2023-0003.html">WSA-2023-0003</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:01:57.042063Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:01:57.045898Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-33.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-33">
+    <title>OpenImageIO: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in OpenImageIO, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">openimageio</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>879255</bug>
+    <bug>884085</bug>
+    <bug>888045</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/openimageio" auto="yes" arch="*">
+            <unaffected range="ge">2.4.6.0</unaffected>
+            <vulnerable range="lt">2.4.6.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenImageIO is a library for reading and writing images.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenImageIO users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.4.6.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4198">CVE-2022-4198</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36354">CVE-2022-36354</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38143">CVE-2022-38143</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41639">CVE-2022-41639</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41649">CVE-2022-41649</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41684">CVE-2022-41684</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41794">CVE-2022-41794</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41837">CVE-2022-41837</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41838">CVE-2022-41838</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41977">CVE-2022-41977</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41981">CVE-2022-41981</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41988">CVE-2022-41988</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41999">CVE-2022-41999</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43592">CVE-2022-43592</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43593">CVE-2022-43593</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43594">CVE-2022-43594</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43595">CVE-2022-43595</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43596">CVE-2022-43596</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43597">CVE-2022-43597</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43598">CVE-2022-43598</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43599">CVE-2022-43599</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43600">CVE-2022-43600</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43601">CVE-2022-43601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43602">CVE-2022-43602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43603">CVE-2022-43603</uri>
+        <uri>TALOS-2022-1626</uri>
+        <uri>TALOS-2022-1627</uri>
+        <uri>TALOS-2022-1628</uri>
+        <uri>TALOS-2022-1629</uri>
+        <uri>TALOS-2022-1630</uri>
+        <uri>TALOS-2022-1632</uri>
+        <uri>TALOS-2022-1633</uri>
+        <uri>TALOS-2022-1634</uri>
+        <uri>TALOS-2022-1635</uri>
+        <uri>TALOS-2022-1643</uri>
+        <uri>TALOS-2022-1651</uri>
+        <uri>TALOS-2022-1652</uri>
+        <uri>TALOS-2022-1653</uri>
+        <uri>TALOS-2022-1654</uri>
+        <uri>TALOS-2022-1655</uri>
+        <uri>TALOS-2022-1656</uri>
+        <uri>TALOS-2022-1657</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:02:13.174119Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:02:13.176617Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-34.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-34">
+    <title>CGAL: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in CGAL, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">cgal</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>774261</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sci-mathematics/cgal" auto="yes" arch="*">
+            <unaffected range="ge">5.4.1</unaffected>
+            <vulnerable range="lt">5.4.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>CGAL is a C++ library for geometric algorithms and data structures.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All CGAL users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sci-mathematics/cgal-5.4.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28601">CVE-2020-28601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28602">CVE-2020-28602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28603">CVE-2020-28603</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28604">CVE-2020-28604</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28605">CVE-2020-28605</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28606">CVE-2020-28606</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28607">CVE-2020-28607</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28608">CVE-2020-28608</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28610">CVE-2020-28610</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28611">CVE-2020-28611</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28612">CVE-2020-28612</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28613">CVE-2020-28613</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28614">CVE-2020-28614</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28615">CVE-2020-28615</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28616">CVE-2020-28616</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28617">CVE-2020-28617</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28618">CVE-2020-28618</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28619">CVE-2020-28619</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28620">CVE-2020-28620</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28621">CVE-2020-28621</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28622">CVE-2020-28622</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28623">CVE-2020-28623</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28624">CVE-2020-28624</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28625">CVE-2020-28625</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28626">CVE-2020-28626</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28627">CVE-2020-28627</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28628">CVE-2020-28628</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28629">CVE-2020-28629</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28630">CVE-2020-28630</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28631">CVE-2020-28631</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28632">CVE-2020-28632</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28633">CVE-2020-28633</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28634">CVE-2020-28634</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28635">CVE-2020-28635</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28636">CVE-2020-28636</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35628">CVE-2020-35628</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35629">CVE-2020-35629</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35630">CVE-2020-35630</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35631">CVE-2020-35631</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35632">CVE-2020-35632</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35633">CVE-2020-35633</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35634">CVE-2020-35634</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35635">CVE-2020-35635</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35636">CVE-2020-35636</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:02:29.788917Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:02:29.791841Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-35.xml

@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-35">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>895962</bug>
+    <bug>903618</bug>
+    <bug>905889</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="esr">102.10.0</unaffected>
+            <unaffected range="ge" slot="rapid">112.0</unaffected>
+            <vulnerable range="lt" slot="esr">102.10.0</vulnerable>
+            <vulnerable range="lt" slot="rapid">112.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="esr">102.10.0</unaffected>
+            <unaffected range="ge" slot="rapid">112.0</unaffected>
+            <vulnerable range="lt" slot="esr">102.10.0</vulnerable>
+            <vulnerable range="lt" slot="rapid">112.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.10.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-102.10.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-112.0:rapid"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-112.0:rapid"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0767">CVE-2023-0767</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1945">CVE-2023-1945</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25728">CVE-2023-25728</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25729">CVE-2023-25729</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25730">CVE-2023-25730</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25731">CVE-2023-25731</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25732">CVE-2023-25732</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25734">CVE-2023-25734</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25735">CVE-2023-25735</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25737">CVE-2023-25737</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25738">CVE-2023-25738</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25739">CVE-2023-25739</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25742">CVE-2023-25742</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25746">CVE-2023-25746</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25748">CVE-2023-25748</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25749">CVE-2023-25749</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25750">CVE-2023-25750</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25751">CVE-2023-25751</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25752">CVE-2023-25752</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28159">CVE-2023-28159</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28160">CVE-2023-28160</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28161">CVE-2023-28161</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28162">CVE-2023-28162</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28163">CVE-2023-28163</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28164">CVE-2023-28164</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28176">CVE-2023-28176</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28177">CVE-2023-28177</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29533">CVE-2023-29533</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29535">CVE-2023-29535</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29536">CVE-2023-29536</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29537">CVE-2023-29537</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29538">CVE-2023-29538</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29539">CVE-2023-29539</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29540">CVE-2023-29540</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29541">CVE-2023-29541</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29543">CVE-2023-29543</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29544">CVE-2023-29544</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29547">CVE-2023-29547</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29548">CVE-2023-29548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29549">CVE-2023-29549</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29550">CVE-2023-29550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29551">CVE-2023-29551</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:02:42.943248Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:02:42.946108Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-36.xml

@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-36">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2023-05-30</announced>
+    <revised count="1">2023-05-30</revised>
+    <bug>895960</bug>
+    <bug>903619</bug>
+    <bug>905890</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">102.10.0</unaffected>
+            <vulnerable range="lt">102.10.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">102.10.0</unaffected>
+            <vulnerable range="lt">102.10.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.10.0"
+        </code>
+        
+        <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.10.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0616">CVE-2023-0616</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0767">CVE-2023-0767</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1945">CVE-2023-1945</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25728">CVE-2023-25728</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25729">CVE-2023-25729</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25730">CVE-2023-25730</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25732">CVE-2023-25732</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25734">CVE-2023-25734</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25735">CVE-2023-25735</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25737">CVE-2023-25737</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25738">CVE-2023-25738</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25739">CVE-2023-25739</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25740">CVE-2023-25740</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25741">CVE-2023-25741</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25742">CVE-2023-25742</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25743">CVE-2023-25743</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25744">CVE-2023-25744</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25745">CVE-2023-25745</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25746">CVE-2023-25746</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25751">CVE-2023-25751</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25752">CVE-2023-25752</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28162">CVE-2023-28162</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28163">CVE-2023-28163</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28164">CVE-2023-28164</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28176">CVE-2023-28176</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28427">CVE-2023-28427</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29533">CVE-2023-29533</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29535">CVE-2023-29535</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29536">CVE-2023-29536</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29539">CVE-2023-29539</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29541">CVE-2023-29541</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29548">CVE-2023-29548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29550">CVE-2023-29550</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:02:57.393863Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:02:57.397152Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-37.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-37">
+    <title>Apache Tomcat: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">tomcat</product>
+    <announced>2023-05-30</announced>
+    <revised count="2">2023-05-31</revised>
+    <bug>878911</bug>
+    <bug>889596</bug>
+    <bug>896370</bug>
+    <bug>907387</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-servers/tomcat" auto="yes" arch="*">
+            <unaffected range="ge" slot="8">8.5.88</unaffected>
+            <vulnerable range="lt" slot="8">8.5.88</vulnerable>
+            <unaffected range="ge" slot="9">9.0.74</unaffected>
+            <vulnerable range="lt" slot="9">9.0.74</vulnerable>
+            <unaffected range="ge" slot="10">10.1.8</unaffected>
+            <vulnerable range="lt" slot="10">10.1.8</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache Tomcat users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42252">CVE-2022-42252</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45143">CVE-2022-45143</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24998">CVE-2023-24998</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28709">CVE-2023-28709</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-05-30T03:03:08.445610Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-05-30T03:03:08.449048Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Tue, 02 May 2023 07:09:52 +0000
+Thu, 01 Jun 2023 06:39:40 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-da9b5483883fcc611753d44d34c0ede9188ce21c 1673414531 2023-01-11T05:22:11+00:00
+023c3018165ffad6f1f6a874561e1c3c555cb505 1685499625 2023-05-31T02:20:25+00:00