Merge pull request #2069 from flatcar/buildbot/monthly-glsa-metadata-updates-2024-07-01

Monthly GLSA metadata 2024-07-01

build_library/test_image_content.sh

@@ -4,6 +4,7 @@
 
 GLSA_ALLOWLIST=(
 	201412-09 # incompatible CA certificate version numbers
+	202407-05 # ebuild of sys-auth/sssd already has a custom patch to fix CVE-2021-3621
 )
 
 glsa_image() {

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 569494 BLAKE2B 475196fd0ff28d6023f45e6c22284bded2028bbe891778e3828fb75c3727438168bcd5ab63fe48683bb5874710c096e12470eee93163ae90c07d1f9d79810710 SHA512 94822c7f83b3b68b28e1885c442c2d9b5794eb5f861b8a0862162601a2c2b03cdc2bb6144d8b4a1d61befedf2ff1952e540c518e34c7f15ff5af14b7dc567fcb
+MANIFEST Manifest.files.gz 576950 BLAKE2B 88011af22fa4be4dd32deb6beef67152498dbf9a935f1735cb732a1cff2286ecaac7ff10b0cd4cc26890af67573dfd9f41b1b3d976e69dc012ee35c219644c8d SHA512 c652e80fb194ffb2de3f33c3046f525f887396de843ab0761ad5fa21d9949f6b62a1a16747b833821d7307bc10a7d9679651980cd85f6673c854e9dc8e09f5af
-TIMESTAMP 2024-05-01T06:40:25Z
+TIMESTAMP 2024-07-01T06:40:32Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmYx49lfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaCT2BfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBi7hAAsuDk2RK0sZb8tOFUPYo57qATO0xjYxhNlanBfW1axPgWMJ+IOjccLs3+
+klCqxxAAlJUoGJYKzxQA/H3JQnjWSmIGVKL5XLmsWRPghQ9J5hsLgQURe8wGtoIU
-Fxrq3c9Op1U0jEa/dP/4zBV/iqvXy3gth382qmG9eqUkpxjaKLWeWJ6xkx2wcKKe
+9oCNhRJesjAkA5l72Aa+HyEonUAiOqZD8R17ek9ipDLA9VFM9T9yNhk+nwnDu8Yi
-HBxAIHSs/45bBIQhnAoHSSjfp8eRrB6iRZA7+71FFuN3bEDFbaQzKg6jqet0qBjb
+nWRjh3GB3OlcZbJDZ0ORE3ze65a8AMHlnWyCCq1QSZYXAqYDhbBz+i0y2hOtsBLP
-Addmc9ykRSTsIVZKl7gpk5kr5VWSAyp1gTderZfU+osYWpo65pMQiErkyDWq6pgu
+KiJKyh1uFON30dzDNbvY8taSw5ktaV5x4uuvmh7fmw2PpfoqK838me3YuQq8hVt4
-PsF8cdtWvRTZ397Sayips6CDs9h9SIjAM3HT7oz0aXGBSGVjzLmM44iA1UA6qTDL
+/haj/FoAfT8imrL8f52v01gUxz9EP5gRuzfML4v728TcQjDlmyuk/EuSm0PjFKxn
-bP5TwwiBIOF5UZnr93if3rKwuq3RQVORVaGvkJ8a0M8WyhKZruiPILCJmMBtX+E2
+zto2xmY/6/4AL/VKGOmzw3zpjapWjyiydVsh+l0hec1aZTxdgheh/dN7TfMJgmTV
-C0jPVJYzR65/CuCyndUvomDW7E82dofWMwgwHUgdnN5HQdl3+IzxDSX8/ydqxcpK
+MUIyeLOX+qMvFph1ZITVNi3iQW5VO9Ho4exzvMgHVthli0Kqjqdx7rC966zHN3Ao
-q/k7MfKKLSasP9/db+ejcWCUCqTizF2Z2RGFov+Ae5kA9c05lJD+XQ/OFSNvfnQo
+3QuNtof4D+0ChqOyJpfdIrrRQct7M/Jp+2ZSx0T3luZ2mxSvVH+aIBBo/w37i5hM
-lpeQ1JnDQAGsO1oT/uXgyTV11006MXeCm+GEAiNsxixql0pVoj6km45/TrxQUDDC
+3612fcZWMDtzUvT0sbhuf9j1o7S7T24V66cs0BxpMC8t2Gh3pF4TL8CDDFH1rrv6
-PiT60S1R1mQymz/hU5FfYCVSJGXsrUAmYHg+0UrXsU+lbcXq4slIXErHz8uL+d2X
+8b9TU/3t/qk1haW42KmYXeUq6wEUWw1Z49wb80JEI6ZlTtm74CEdTYm27eisb+Wq
-8bzTjPEreXOLxMsZWPlf82NACoOAm+nHHpqxnPdgHGnLSdpbh1I=
+H7DiQc0WDdZm5i7wVEN/nyVEf04Qv5IhfYS3MDaPDnck2pVaPtc=
-=q6/O
+=IEvJ
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202403-04.xml

@@ -5,13 +5,15 @@
     <synopsis>A backdoor has been discovered in XZ utils that could lead to remote compromise of systems.</synopsis>
     <product type="ebuild">xz-utils</product>
     <announced>2024-03-29</announced>
-    <revised count="1">2024-03-29</revised>
+    <revised count="2">2024-05-29</revised>
     <bug>928134</bug>
     <access>remote</access>
     <affected>
         <package name="app-arch/xz-utils" auto="yes" arch="*">
             <unaffected range="lt">5.6.0</unaffected>
-            <vulnerable range="ge">5.6.0</vulnerable>
+            <unaffected range="gt">5.6.1</unaffected>
+            <vulnerable range="eq">5.6.0</vulnerable>
+            <vulnerable range="eq">5.6.1</vulnerable>
         </package>
     </affected>
     <background>
@@ -32,8 +34,12 @@ Analysis is still ongoing, however, and additional vectors may still be identifi
         <p>There is no known workaround at this time.</p>
     </workaround>
     <resolution>
-        <p>All XZ utils users should downgrade to the latest version before the backdoor was introduced:</p>
+        <p>All XZ utils users should upgrade to the latest fixed version, or downgrade to the latest version before the backdoor was introduced:</p>
         
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose "&gt;app-arch/xz-utils-5.6.1"
+        </code>
         <code>
           # emerge --sync
           # emerge --ask --oneshot --verbose "&lt;app-arch/xz-utils-5.6.0"

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-01.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-01">
+    <title>Python, PyPy3: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">pypy3,pypy3_10,pypy3_9,python</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>884653</bug>
+    <bug>897958</bug>
+    <bug>908018</bug>
+    <bug>912976</bug>
+    <bug>919475</bug>
+    <bug>927299</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-lang/python" auto="yes" arch="*">
+            <unaffected range="ge" slot="3.12">3.12.1</unaffected>
+            <unaffected range="ge" slot="3.11">3.11.8</unaffected>
+            <unaffected range="ge" slot="3.10">3.10.14</unaffected>
+            <unaffected range="ge" slot="3.9">3.9.19</unaffected>
+            <unaffected range="ge" slot="3.8">3.8.19</unaffected>
+            <vulnerable range="lt" slot="3.12">3.12.1</vulnerable>
+            <vulnerable range="lt" slot="3.11">3.11.8</vulnerable>
+            <vulnerable range="lt" slot="3.10">3.10.14</vulnerable>
+            <vulnerable range="lt" slot="3.9">3.9.19</vulnerable>
+            <vulnerable range="lt" slot="3.8">3.8.19</vulnerable>
+        </package>
+        <package name="dev-python/pypy3" auto="yes" arch="*">
+            <unaffected range="ge">7.3.16</unaffected>
+            <vulnerable range="lt">7.3.16</vulnerable>
+        </package>
+        <package name="dev-python/pypy3_10" auto="yes" arch="*">
+            <unaffected range="ge">7.3.16</unaffected>
+            <vulnerable range="lt">7.3.16</vulnerable>
+        </package>
+        <package name="dev-python/pypy3_9" auto="yes" arch="*">
+            <unaffected range="ge">7.3.16</unaffected>
+            <vulnerable range="lt">7.3.16</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Python is an interpreted, interactive, object-oriented, cross-platform programming language.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Python, PyPy3 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.1:3.12"
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.9:3.11"
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.14:3.10"
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.19:3.9"
+          # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.19:3.8"
+          # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.16"
+          # emerge --ask --oneshot --verbose ">=dev-python/pypy3_10-7.3.16"
+          # emerge --ask --oneshot --verbose ">=dev-python/pypy3_9-7.3.16"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6507">CVE-2023-6507</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6597">CVE-2023-6597</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40217">CVE-2023-40217</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41105">CVE-2023-41105</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0450">CVE-2024-0450</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T05:59:08.361678Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T05:59:08.364851Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-02.xml

@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-02">
+    <title>ImageMagick: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution.</synopsis>
+    <product type="ebuild">imagemagick</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>835931</bug>
+    <bug>843833</bug>
+    <bug>852947</bug>
+    <bug>871954</bug>
+    <bug>893526</bug>
+    <bug>904357</bug>
+    <bug>908082</bug>
+    <bug>917594</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-gfx/imagemagick" auto="yes" arch="*">
+            <unaffected range="ge">6.9.13.0</unaffected>
+            <unaffected range="ge">7.1.1.22</unaffected>
+            <vulnerable range="lt">6.9.12.88</vulnerable>
+            <vulnerable range="lt">7.1.1.11</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All ImageMagick 6.x users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"
+        </code>
+        
+        <p>All ImageMagick 7.x users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.1.1.22"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4219">CVE-2021-4219</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20224">CVE-2021-20224</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0284">CVE-2022-0284</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1115">CVE-2022-1115</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2719">CVE-2022-2719</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3213">CVE-2022-3213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28463">CVE-2022-28463</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32545">CVE-2022-32545</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32546">CVE-2022-32546</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32547">CVE-2022-32547</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44267">CVE-2022-44267</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44268">CVE-2022-44268</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1906">CVE-2023-1906</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2157">CVE-2023-2157</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5341">CVE-2023-5341</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34151">CVE-2023-34151</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34153">CVE-2023-34153</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T06:13:28.990846Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T06:13:28.993140Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-03.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-03">
+    <title>Dalli: Code Injection</title>
+    <synopsis>A vulnerability has been discovered in Dalli, which can lead to code injection.</synopsis>
+    <product type="ebuild">dalli</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>882077</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="dev-ruby/dalli" auto="yes" arch="*">
+            <unaffected range="ge">3.2.3</unaffected>
+            <vulnerable range="lt">3.2.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Dalli is a high performance pure Ruby client for accessing memcached servers.</p>
+    </background>
+    <description>
+        <p>A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Dalli users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-ruby/dalli-3.2.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4064">CVE-2022-4064</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T06:43:24.230534Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T06:43:24.233626Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-04.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-04">
+    <title>systemd: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service.</synopsis>
+    <product type="ebuild">systemd</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>882769</bug>
+    <bug>887581</bug>
+    <access>local</access>
+    <affected>
+        <package name="sys-apps/systemd" auto="yes" arch="*">
+            <unaffected range="ge">252.4</unaffected>
+            <vulnerable range="lt">252.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>A system and service manager.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All systemd users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/systemd-252.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">CVE-2022-4415</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45873">CVE-2022-45873</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T07:18:38.700106Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T07:18:38.703836Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-05.xml

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-05">
+    <title>MPlayer: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">mplayer</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>870406</bug>
+    <access>local</access>
+    <affected>
+        <package name="media-video/mplayer" auto="yes" arch="*">
+            <unaffected range="ge">1.5</unaffected>
+            <vulnerable range="lt">1.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>MPlayer is a media player capable of handling multiple multimedia file formats.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in MPlayer. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All MPlayer users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.5"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38600">CVE-2022-38600</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38850">CVE-2022-38850</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38851">CVE-2022-38851</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38853">CVE-2022-38853</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38855">CVE-2022-38855</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38856">CVE-2022-38856</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38858">CVE-2022-38858</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38860">CVE-2022-38860</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38861">CVE-2022-38861</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38862">CVE-2022-38862</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38863">CVE-2022-38863</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38864">CVE-2022-38864</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38865">CVE-2022-38865</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38866">CVE-2022-38866</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T07:42:15.329279Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T07:42:15.332064Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-06.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-06">
+    <title>mujs: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">mujs</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>833453</bug>
+    <bug>845399</bug>
+    <bug>882775</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-lang/mujs" auto="yes" arch="*">
+            <unaffected range="ge">1.3.2</unaffected>
+            <vulnerable range="lt">1.3.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>mujs is an embeddable Javascript interpreter in C.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All mujs users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/mujs-1.3.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45005">CVE-2021-45005</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30974">CVE-2022-30974</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30975">CVE-2022-30975</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44789">CVE-2022-44789</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T08:04:01.742392Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T08:04:01.746124Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-07.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-07">
+    <title>HTMLDOC: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">htmldoc</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>780489</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="app-text/htmldoc" auto="yes" arch="*">
+            <unaffected range="ge">1.9.16</unaffected>
+            <vulnerable range="lt">1.9.16</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>HTMLDOC is a HTML indexer and HTML to PS and PDF converter.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in HTMLDOC. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All HTMLDOC users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/htmldoc-1.9.16"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20308">CVE-2021-20308</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23158">CVE-2021-23158</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23165">CVE-2021-23165</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23180">CVE-2021-23180</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23191">CVE-2021-23191</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23206">CVE-2021-23206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26252">CVE-2021-26252</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26259">CVE-2021-26259</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26948">CVE-2021-26948</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33235">CVE-2021-33235</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33236">CVE-2021-33236</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40985">CVE-2021-40985</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43579">CVE-2021-43579</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0137">CVE-2022-0137</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0534">CVE-2022-0534</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24191">CVE-2022-24191</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27114">CVE-2022-27114</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28085">CVE-2022-28085</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34033">CVE-2022-34033</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34035">CVE-2022-34035</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T08:44:19.188140Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T08:44:19.190127Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-08.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-08">
+    <title>strongSwan: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution.</synopsis>
+    <product type="ebuild">strongswan</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>818841</bug>
+    <bug>832460</bug>
+    <bug>878887</bug>
+    <bug>899964</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-vpn/strongswan" auto="yes" arch="*">
+            <unaffected range="ge">5.9.10</unaffected>
+            <vulnerable range="lt">5.9.10</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>strongSwan is an IPSec implementation for Linux.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All strongSwan users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.10"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41991">CVE-2021-41991</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45079">CVE-2021-45079</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40617">CVE-2022-40617</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-26463">CVE-2023-26463</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T09:05:41.308308Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T09:05:41.311063Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-09.xml

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-09">
+    <title>MediaInfo, MediaInfoLib: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution.</synopsis>
+    <product type="ebuild">libmediainfo,mediainfo</product>
+    <announced>2024-05-04</announced>
+    <revised count="1">2024-05-04</revised>
+    <bug>778992</bug>
+    <bug>836564</bug>
+    <bug>875374</bug>
+    <bug>917612</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libmediainfo" auto="yes" arch="*">
+            <unaffected range="ge">23.10</unaffected>
+            <vulnerable range="lt">23.10</vulnerable>
+        </package>
+        <package name="media-video/mediainfo" auto="yes" arch="*">
+            <unaffected range="ge">23.10</unaffected>
+            <vulnerable range="lt">23.10</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>MediaInfo supplies technical and tag information about media files. MediaInfoLib contains MediaInfo libraries.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in MediaInfo and MediaInfoLib. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All MediaInfo users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-video/mediainfo-23.10"
+        </code>
+        
+        <p>All MediaInfolib users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libmediainfo-23.10"
+        </code>
+    </resolution>
+    <references>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-04T09:27:38.638046Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-05-04T09:27:38.656198Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-10.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-10">
+    <title>Setuptools: Denial of Service</title>
+    <synopsis>A vulnerability has been discovered in Setuptools, which can lead to denial of service.</synopsis>
+    <product type="ebuild">setuptools</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>879813</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/setuptools" auto="yes" arch="*">
+            <unaffected range="ge">65.5.1</unaffected>
+            <vulnerable range="lt">65.5.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Setuptools is a manager for Python packages.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Setuptools. See the impact field.</p>
+    </description>
+    <impact type="normal">
+        <p>An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom PackageIndex page.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Setuptools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/setuptools-65.5.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">CVE-2022-40897</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T06:37:49.107714Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T06:37:49.110409Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-11.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-11">
+    <title>MIT krb5: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">mit-krb5</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>803434</bug>
+    <bug>809845</bug>
+    <bug>879875</bug>
+    <bug>917464</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+            <unaffected range="ge">1.21.2</unaffected>
+            <vulnerable range="lt">1.21.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in MIT krb5. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All MIT krb5 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.21.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">CVE-2021-36222</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37750">CVE-2021-37750</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42898">CVE-2022-42898</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36054">CVE-2023-36054</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39975">CVE-2023-39975</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T07:13:18.708629Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T07:13:18.710959Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-12.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-12">
+    <title>Pillow: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">pillow</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>889594</bug>
+    <bug>903664</bug>
+    <bug>916907</bug>
+    <bug>922577</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/pillow" auto="yes" arch="*">
+            <unaffected range="ge">10.2.0</unaffected>
+            <vulnerable range="lt">10.2.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The friendly PIL fork.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Pillow users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.2.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44271">CVE-2023-44271</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50447">CVE-2023-50447</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T07:36:46.186094Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T07:36:46.190008Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-13.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-13">
+    <title>borgmatic: Shell Injection</title>
+    <synopsis>A vulnerability has been discovered in borgmatic, which can lead to shell injection.</synopsis>
+    <product type="ebuild">borgmatic</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>924892</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-backup/borgmatic" auto="yes" arch="*">
+            <unaffected range="ge">1.8.8</unaffected>
+            <vulnerable range="lt">1.8.8</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>borgmatic is simple, configuration-driven backup software for servers and workstations.</p>
+    </background>
+    <description>
+        <p>Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the &#34;borgmatic borg&#34; action, and command hook variable/constant interpolation.</p>
+    </description>
+    <impact type="high">
+        <p>Shell injection may be used in several borgmatic backends to execute arbitrary code.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All borgmatic users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-backup/borgmatic-1.8.8"
+        </code>
+    </resolution>
+    <references>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T07:55:00.732358Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T07:55:00.739533Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-14.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-14">
+    <title>QtWebEngine: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">qtwebengine</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>927746</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+            <unaffected range="ge">5.15.13_p20240322</unaffected>
+            <vulnerable range="lt">5.15.13_p20240322</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All QtWebEngine users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.13_p20240322"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0804">CVE-2024-0804</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0805">CVE-2024-0805</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0806">CVE-2024-0806</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0807">CVE-2024-0807</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0808">CVE-2024-0808</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0809">CVE-2024-0809</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0810">CVE-2024-0810</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0811">CVE-2024-0811</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0812">CVE-2024-0812</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0813">CVE-2024-0813</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0814">CVE-2024-0814</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1059">CVE-2024-1059</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1060">CVE-2024-1060</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1077">CVE-2024-1077</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1283">CVE-2024-1283</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1284">CVE-2024-1284</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T08:20:02.905138Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T08:20:02.908263Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-15.xml

@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-15">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>925122</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">123.0</unaffected>
+            <unaffected range="ge" slot="esr">115.8.0</unaffected>
+            <vulnerable range="lt">123.0</vulnerable>
+            <vulnerable range="lt" slot="esr">115.8.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">123.0</unaffected>
+            <unaffected range="ge" slot="esr">115.8.0</unaffected>
+            <vulnerable range="lt">123.0</vulnerable>
+            <vulnerable range="lt" slot="esr">115.8.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox rapid release users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-123.0"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-123.0"
+        </code>
+        
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.8.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-115.8.0:esr"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1546">CVE-2024-1546</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1547">CVE-2024-1547</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1548">CVE-2024-1548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1549">CVE-2024-1549</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1550">CVE-2024-1550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1551">CVE-2024-1551</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1552">CVE-2024-1552</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1553">CVE-2024-1553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1554">CVE-2024-1554</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1555">CVE-2024-1555</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1556">CVE-2024-1556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1557">CVE-2024-1557</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T08:35:38.912286Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T08:35:38.915811Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-16.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-16">
+    <title>Apache Commons BCEL: Remote Code Execution</title>
+    <synopsis>A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution.</synopsis>
+    <product type="ebuild">bcel</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>880447</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-java/bcel" auto="yes" arch="*">
+            <unaffected range="ge">6.6.0</unaffected>
+            <vulnerable range="lt">6.6.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class).</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifier for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache Commons BCEL users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/bcel-6.6.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34169">CVE-2022-34169</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42920">CVE-2022-42920</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T08:54:04.174105Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T08:54:04.177186Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-17.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-17">
+    <title>glibc: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in glibc, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">glibc</product>
+    <announced>2024-05-06</announced>
+    <revised count="1">2024-05-06</revised>
+    <bug>930177</bug>
+    <bug>930667</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-libs/glibc" auto="yes" arch="*">
+            <unaffected range="ge">2.38-r13</unaffected>
+            <vulnerable range="lt">2.38-r13</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>glibc is a package that contains the GNU C library.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All glibc users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.38-r13"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2961">CVE-2024-2961</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-33599">CVE-2024-33599</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-33600">CVE-2024-33600</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-33601">CVE-2024-33601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-33602">CVE-2024-33602</uri>
+        <uri>GLIBC-SA-2024-0004</uri>
+        <uri>GLIBC-SA-2024-0005</uri>
+        <uri>GLIBC-SA-2024-0006</uri>
+        <uri>GLIBC-SA-2024-0007</uri>
+        <uri>GLIBC-SA-2024-0008</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-06T16:20:24.087004Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2024-05-06T16:20:24.091368Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-18.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-18">
+    <title>Xpdf: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">xpdf</product>
+    <announced>2024-05-07</announced>
+    <revised count="1">2024-05-07</revised>
+    <bug>755938</bug>
+    <bug>840873</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-text/xpdf" auto="yes" arch="*">
+            <unaffected range="ge">4.04</unaffected>
+            <vulnerable range="lt">4.04</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Xpdf is an X viewer for PDF files.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Xpdf users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.04"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25725">CVE-2020-25725</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35376">CVE-2020-35376</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27548">CVE-2021-27548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24106">CVE-2022-24106</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24107">CVE-2022-24107</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27135">CVE-2022-27135</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38171">CVE-2022-38171</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-07T04:34:27.431462Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-07T04:34:27.435519Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-19.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-19">
+    <title>xar: Unsafe Extraction</title>
+    <synopsis>A vulnerability has been discovered in xar, which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">xar</product>
+    <announced>2024-05-07</announced>
+    <revised count="1">2024-05-07</revised>
+    <bug>820641</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-arch/xar" auto="yes" arch="*">
+            <unaffected range="ge">1.8.0.0.487.100.1</unaffected>
+            <vulnerable range="lt">1.8.0.0.487.100.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>xar provides an easily extensible archive format.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in xar. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>xar allows for a forward-slash separated path to be specified in the file name property, e.g. &lt;name&gt;x/foo&lt;/name&gt; – as long as it doesn’t traverse upwards, and the path exists within the current directory. This means an attacker can create a .xar file which contains both a directory symlink, and a file with a name property which points into the extracted symlink directory. By abusing symlink directories in this manner, an attacker can write arbitrary files to any directory on the filesystem – providing the user has permissions to write to it.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All xar users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-arch/xar-1.8.0.0.487.100.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30833">CVE-2021-30833</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-07T04:42:07.751840Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-07T04:42:07.755662Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-20.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-20">
+    <title>libjpeg-turbo: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">libjpeg-turbo</product>
+    <announced>2024-05-07</announced>
+    <revised count="1">2024-05-07</revised>
+    <bug>797424</bug>
+    <bug>814206</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+            <unaffected range="ge">2.1.1</unaffected>
+            <vulnerable range="lt">2.1.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in libjpeg-turbo. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libjpeg-turbo users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-2.1.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17541">CVE-2020-17541</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37956">CVE-2021-37956</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37957">CVE-2021-37957</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37958">CVE-2021-37958</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37959">CVE-2021-37959</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37960">CVE-2021-37960</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37961">CVE-2021-37961</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37962">CVE-2021-37962</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37963">CVE-2021-37963</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37965">CVE-2021-37965</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37966">CVE-2021-37966</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37967">CVE-2021-37967</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37968">CVE-2021-37968</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37970">CVE-2021-37970</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37971">CVE-2021-37971</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37972">CVE-2021-37972</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-07T05:04:06.111037Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-07T05:04:06.115519Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-21.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-21">
+    <title>Commons-BeanUtils: Improper Access Restriction</title>
+    <synopsis>A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code.</synopsis>
+    <product type="ebuild">commons-beanutils</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>739346</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-java/commons-beanutils" auto="yes" arch="*">
+            <unaffected range="ge">1.9.4</unaffected>
+            <vulnerable range="lt">1.9.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Commons-BeanUtils users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/commons-beanutils-1.9.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10086">CVE-2019-10086</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T05:13:04.382039Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T05:13:04.384810Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-22.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-22">
+    <title>rsync: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure.</synopsis>
+    <product type="ebuild">rsync</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>792576</bug>
+    <bug>838724</bug>
+    <bug>862876</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/rsync" auto="yes" arch="*">
+            <unaffected range="ge">3.2.5_pre1</unaffected>
+            <vulnerable range="lt">3.2.5_pre1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo&#39;s Portage tree.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All rsync users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.2.5_pre1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">CVE-2018-25032</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14387">CVE-2020-14387</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29154">CVE-2022-29154</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T06:28:44.897737Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T06:28:44.901845Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-23.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-23">
+    <title>U-Boot tools: double free vulnerability</title>
+    <synopsis>A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitary code.</synopsis>
+    <product type="ebuild">u-boot-tools</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>717000</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-embedded/u-boot-tools" auto="yes" arch="*">
+            <unaffected range="ge">2020.04</unaffected>
+            <vulnerable range="lt">2020.04</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>U-Boot tools provides utiiities for working with Das U-Boot.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>In Das U-Boot a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All U-Boot tools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-embedded/u-boot-tools-2020.04"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8432">CVE-2020-8432</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T07:20:03.445897Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T07:20:03.451147Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-24.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-24">
+    <title>ytnef: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.</synopsis>
+    <product type="ebuild">ytnef</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>774255</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-mail/ytnef" auto="yes" arch="*">
+            <unaffected range="ge">2.0</unaffected>
+            <vulnerable range="lt">2.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>ytnef is a TNEF stream reader for reading winmail.dat files.</p>
+    </background>
+    <description>
+        <p>The TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
+
+The SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All ytnef users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-mail/ytnef-2.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3403">CVE-2021-3403</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3404">CVE-2021-3404</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T08:16:41.923823Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T08:16:41.929071Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-25.xml

@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-25">
+    <title>MariaDB: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code.</synopsis>
+    <product type="ebuild">mariadb</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>699874</bug>
+    <bug>822759</bug>
+    <bug>832490</bug>
+    <bug>838244</bug>
+    <bug>847526</bug>
+    <bug>856484</bug>
+    <bug>891781</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-db/mariadb" auto="yes" arch="*">
+            <unaffected range="ge" slot="10.6">10.6.13</unaffected>
+            <unaffected range="ge" slot="10.11">10.11.3</unaffected>
+            <vulnerable range="lt" slot="10.6">10.11.3</vulnerable>
+            <vulnerable range="lt" slot="10.11">10.11.3</vulnerable>
+            <vulnerable range="lt">10.6.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All MariaDB 10.6 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.6"
+        </code>
+        
+        <p>All MariaDB 10.11 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.11"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2938">CVE-2019-2938</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2974">CVE-2019-2974</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46661">CVE-2021-46661</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46662">CVE-2021-46662</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46663">CVE-2021-46663</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46664">CVE-2021-46664</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46665">CVE-2021-46665</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46666">CVE-2021-46666</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46667">CVE-2021-46667</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46668">CVE-2021-46668</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46669">CVE-2021-46669</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24048">CVE-2022-24048</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24050">CVE-2022-24050</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24051">CVE-2022-24051</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24052">CVE-2022-24052</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27376">CVE-2022-27376</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27377">CVE-2022-27377</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27378">CVE-2022-27378</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27379">CVE-2022-27379</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27380">CVE-2022-27380</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27381">CVE-2022-27381</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27382">CVE-2022-27382</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27383">CVE-2022-27383</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27384">CVE-2022-27384</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27385">CVE-2022-27385</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27386">CVE-2022-27386</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27444">CVE-2022-27444</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27445">CVE-2022-27445</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27446">CVE-2022-27446</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27447">CVE-2022-27447</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27448">CVE-2022-27448</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27449">CVE-2022-27449</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27451">CVE-2022-27451</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27452">CVE-2022-27452</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27455">CVE-2022-27455</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27456">CVE-2022-27456</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27457">CVE-2022-27457</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27458">CVE-2022-27458</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31621">CVE-2022-31621</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31622">CVE-2022-31622</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31623">CVE-2022-31623</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31624">CVE-2022-31624</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32081">CVE-2022-32081</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32082">CVE-2022-32082</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32083">CVE-2022-32083</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32084">CVE-2022-32084</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32085">CVE-2022-32085</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32086">CVE-2022-32086</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32088">CVE-2022-32088</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32089">CVE-2022-32089</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32091">CVE-2022-32091</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38791">CVE-2022-38791</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47015">CVE-2022-47015</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5157">CVE-2023-5157</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T08:40:00.435252Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T08:40:00.439162Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-26.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-26">
+    <title>qtsvg: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">qtsvg</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>830381</bug>
+    <bug>906465</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-qt/qtsvg" auto="yes" arch="*">
+            <unaffected range="ge" slot="5">5.15.9-r1</unaffected>
+            <vulnerable range="lt" slot="5">5.15.9-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>qtsvg is a SVG rendering library for the Qt framework.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All qtsvg users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-5.15.9-r1:5"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45930">CVE-2021-45930</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32573">CVE-2023-32573</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T09:13:29.745666Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T09:13:29.749484Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-27.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-27">
+    <title>Epiphany: Buffer Overflow</title>
+    <synopsis>A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow.</synopsis>
+    <product type="ebuild">epiphany</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>839786</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/epiphany" auto="yes" arch="*">
+            <unaffected range="ge">42.4</unaffected>
+            <vulnerable range="lt">42.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>In GNOME Epiphany an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Epiphany users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29536">CVE-2022-29536</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T09:47:31.556833Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T09:47:31.561419Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-28.xml

@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-28">
+    <title>NVIDIA Drivers: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation.</synopsis>
+    <product type="ebuild">nvidia-drivers</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>909226</bug>
+    <bug>916583</bug>
+    <access>remote</access>
+    <affected>
+        <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+            <unaffected range="ge">470.223.02</unaffected>
+            <unaffected range="ge">525.147.05</unaffected>
+            <unaffected range="ge">535.129.03</unaffected>
+            <vulnerable range="lt">470.223.02</vulnerable>
+            <vulnerable range="lt">525.147.05</vulnerable>
+            <vulnerable range="lt">535.129.03</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>NVIDIA Drivers are NVIDIA&#39;s accelerated graphics driver.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All NVIDIA Drivers 470 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.223.02:0/470"
+        </code>
+        
+        <p>All NVIDIA Drivers 525 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.147.05:0/525"
+        </code>
+        
+        <p>All NVIDIA Drivers 535 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.129.03:0/535"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25515">CVE-2023-25515</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25516">CVE-2023-25516</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31022">CVE-2023-31022</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T10:58:20.300933Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T10:58:20.303998Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-29.xml

@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-29">
+    <title>Node.js: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Node.js.</synopsis>
+    <product type="ebuild">nodejs</product>
+    <announced>2024-05-08</announced>
+    <revised count="1">2024-05-08</revised>
+    <bug>772422</bug>
+    <bug>781704</bug>
+    <bug>800986</bug>
+    <bug>805053</bug>
+    <bug>807775</bug>
+    <bug>811273</bug>
+    <bug>817938</bug>
+    <bug>831037</bug>
+    <bug>835615</bug>
+    <bug>857111</bug>
+    <bug>865627</bug>
+    <bug>872692</bug>
+    <bug>879617</bug>
+    <bug>918086</bug>
+    <bug>918614</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/nodejs" auto="yes" arch="*">
+            <unaffected range="ge">16.20.2</unaffected>
+            <unaffected range="ge">18.17.1</unaffected>
+            <unaffected range="ge">20.5.1</unaffected>
+            <vulnerable range="lt">16.20.2</vulnerable>
+            <vulnerable range="lt">18.17.1</vulnerable>
+            <vulnerable range="lt">20.5.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Node.js 20 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
+        </code>
+        
+        <p>All Node.js 18 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
+        </code>
+        
+        <p>All Node.js 16 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7774">CVE-2020-7774</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3672">CVE-2021-3672</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22883">CVE-2021-22883</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22884">CVE-2021-22884</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22918">CVE-2021-22918</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22930">CVE-2021-22930</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22931">CVE-2021-22931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22939">CVE-2021-22939</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22940">CVE-2021-22940</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22959">CVE-2021-22959</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22960">CVE-2021-22960</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37701">CVE-2021-37701</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37712">CVE-2021-37712</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39134">CVE-2021-39134</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39135">CVE-2021-39135</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44531">CVE-2021-44531</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44532">CVE-2021-44532</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44533">CVE-2021-44533</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0778">CVE-2022-0778</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3602">CVE-2022-3602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3786">CVE-2022-3786</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21824">CVE-2022-21824</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32212">CVE-2022-32212</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32213">CVE-2022-32213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32214">CVE-2022-32214</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32215">CVE-2022-32215</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32222">CVE-2022-32222</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35255">CVE-2022-35255</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35256">CVE-2022-35256</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35948">CVE-2022-35948</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35949">CVE-2022-35949</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43548">CVE-2022-43548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30581">CVE-2023-30581</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30582">CVE-2023-30582</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30583">CVE-2023-30583</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30584">CVE-2023-30584</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30586">CVE-2023-30586</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30587">CVE-2023-30587</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30588">CVE-2023-30588</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30589">CVE-2023-30589</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30590">CVE-2023-30590</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32002">CVE-2023-32002</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32003">CVE-2023-32003</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32004">CVE-2023-32004</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32005">CVE-2023-32005</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32006">CVE-2023-32006</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32558">CVE-2023-32558</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32559">CVE-2023-32559</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-08T11:16:15.398000Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-08T11:16:15.402000Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-30.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-30">
+    <title>Rebar3: Command Injection</title>
+    <synopsis>A vulnerability has been discovered in Rebar3, which can lead to command injection.</synopsis>
+    <product type="ebuild">rebar-bin</product>
+    <announced>2024-05-12</announced>
+    <revised count="1">2024-05-12</revised>
+    <bug>749363</bug>
+    <access>local</access>
+    <affected>
+        <package name="dev-util/rebar-bin" auto="yes" arch="*">
+            <unaffected range="ge">3.14.4</unaffected>
+            <vulnerable range="lt">3.14.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>A sophisticated build-tool for Erlang projects that follows OTP principles.</p>
+    </background>
+    <description>
+        <p>Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification.</p>
+    </description>
+    <impact type="normal">
+        <p>A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced below for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>Gentoo has discontinued support for Rebar3 binary package. We recommend that users unmerge it:</p>
+        
+        <code>
+          # emerge --ask --depclean "dev-util/rebar-bin"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13802">CVE-2020-13802</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-12T05:10:21.260403Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-12T05:10:21.264061Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-31.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-31">
+    <title>Kubelet: Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in Kubelet, which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">kubelet</product>
+    <announced>2024-05-12</announced>
+    <revised count="1">2024-05-12</revised>
+    <bug>918665</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-cluster/kubelet" auto="yes" arch="*">
+            <unaffected range="ge">1.28.5</unaffected>
+            <vulnerable range="lt">1.28.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Kubelet is a Kubernetes Node Agent.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Kubelet. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Kubelet users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-cluster/kubelet-1.28.5"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5528">CVE-2023-5528</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-12T05:13:03.608382Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-12T05:13:03.612681Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-32.xml

@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-32">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2024-05-12</announced>
+    <revised count="1">2024-05-12</revised>
+    <bug>925123</bug>
+    <bug>926533</bug>
+    <bug>930381</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">115.10.0</unaffected>
+            <vulnerable range="lt">115.10.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">115.10.0</unaffected>
+            <vulnerable range="lt">115.10.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.10.0"
+        </code>
+        
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.10.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1546">CVE-2024-1546</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1547">CVE-2024-1547</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1548">CVE-2024-1548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1549">CVE-2024-1549</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1550">CVE-2024-1550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1551">CVE-2024-1551</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1552">CVE-2024-1552</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1553">CVE-2024-1553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1936">CVE-2024-1936</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2609">CVE-2024-2609</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3302">CVE-2024-3302</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3854">CVE-2024-3854</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3857">CVE-2024-3857</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3859">CVE-2024-3859</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3861">CVE-2024-3861</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3864">CVE-2024-3864</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-12T05:22:33.946434Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-12T05:22:33.951011Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-33.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-33">
+    <title>PoDoFo: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution.</synopsis>
+    <product type="ebuild">podofo</product>
+    <announced>2024-05-12</announced>
+    <revised count="1">2024-05-12</revised>
+    <bug>906105</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-text/podofo" auto="yes" arch="*">
+            <unaffected range="ge">0.10.1</unaffected>
+            <vulnerable range="lt">0.10.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>PoDoFo is a free portable C++ library to work with the PDF file format.</p>
+    </background>
+    <description>
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All PoDoFo users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/podofo-0.10.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31566">CVE-2023-31566</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31567">CVE-2023-31567</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-12T05:25:34.545530Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-12T05:25:34.548474Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-01.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202406-01">
+    <title>GLib: Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in GLib, which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">glib</product>
+    <announced>2024-06-22</announced>
+    <revised count="1">2024-06-22</revised>
+    <bug>931507</bug>
+    <access>local</access>
+    <affected>
+        <package name="dev-libs/glib" auto="yes" arch="*">
+            <unaffected range="ge">2.78.6</unaffected>
+            <vulnerable range="lt">2.78.6</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>GLib is a library providing a number of GNOME&#39;s core objects and functions.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager or logind on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GLib users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.78.6"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-34397">CVE-2024-34397</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-06-22T06:44:35.106379Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-06-22T06:44:35.109355Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-02.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202406-02">
+    <title>Flatpak: Sandbox Escape</title>
+    <synopsis>A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape.</synopsis>
+    <product type="ebuild">flatpak</product>
+    <announced>2024-06-22</announced>
+    <revised count="1">2024-06-22</revised>
+    <bug>930202</bug>
+    <access>local</access>
+    <affected>
+        <package name="sys-apps/flatpak" auto="yes" arch="*">
+            <unaffected range="ge">1.14.6</unaffected>
+            <vulnerable range="lt">1.14.6</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Flatpak is a Linux application sandboxing and distribution framework.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>A malicious or compromised Flatpak app could execute arbitrary code outside its sandbox in conjunction with xdg-desktop-portal.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Flatpak users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.14.6"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-32462">CVE-2024-32462</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-06-22T07:02:59.833368Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-06-22T07:02:59.837565Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-03.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202406-03">
+    <title>RDoc: Remote Code Execution</title>
+    <synopsis>A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code.</synopsis>
+    <product type="ebuild">rdoc</product>
+    <announced>2024-06-22</announced>
+    <revised count="2">2024-06-22</revised>
+    <bug>927565</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="dev-ruby/rdoc" auto="yes" arch="*">
+            <unaffected range="ge">6.6.3.1</unaffected>
+            <vulnerable range="lt">6.6.3.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>RDoc produces HTML and command-line documentation for Ruby projects.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.
+
+When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All RDoc users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-ruby/rdoc-6.6.3.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-27281">CVE-2024-27281</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-06-22T07:30:29.289298Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-06-22T07:30:29.293762Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-04.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202406-04">
+    <title>LZ4: Memory Corruption</title>
+    <synopsis>A vulnerability has been discovered in LZ4, which can lead to memory corruption.</synopsis>
+    <product type="ebuild">lz4</product>
+    <announced>2024-06-22</announced>
+    <revised count="1">2024-06-22</revised>
+    <bug>791952</bug>
+    <access>local</access>
+    <affected>
+        <package name="app-arch/lz4" auto="yes" arch="*">
+            <unaffected range="ge">1.9.3-r1</unaffected>
+            <vulnerable range="lt">1.9.3-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>LZ4 is a lossless compression algorithm, providing compression speed &gt; 500 MB/s per core, scalable with multi-cores CPU. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems.</p>
+    </background>
+    <description>
+        <p>An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash.</p>
+    </description>
+    <impact type="normal">
+        <p>The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All LZ4 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-arch/lz4-1.9.3-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3520">CVE-2021-3520</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-06-22T08:02:03.295621Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-06-22T08:02:03.298226Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-05.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202406-05">
+    <title>JHead: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">jhead</product>
+    <announced>2024-06-22</announced>
+    <revised count="1">2024-06-22</revised>
+    <bug>876247</bug>
+    <bug>879801</bug>
+    <bug>908519</bug>
+    <access>local</access>
+    <affected>
+        <package name="media-gfx/jhead" auto="yes" arch="*">
+            <unaffected range="ge">3.08</unaffected>
+            <vulnerable range="lt">3.08</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>JHead is an EXIF JPEG header manipulation tool.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All JHead users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-gfx/jhead-3.08"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6624">CVE-2020-6624</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6625">CVE-2020-6625</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34055">CVE-2021-34055</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28550">CVE-2022-28550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41751">CVE-2022-41751</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-06-22T08:28:39.822960Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-06-22T08:28:39.825887Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-06.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202406-06">
+    <title>GStreamer, GStreamer Plugins: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution.</synopsis>
+    <product type="ebuild">gst-plugins-bad,gstreamer</product>
+    <announced>2024-06-28</announced>
+    <revised count="1">2024-06-28</revised>
+    <bug>917791</bug>
+    <bug>918095</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="media-libs/gst-plugins-bad" auto="yes" arch="*">
+            <unaffected range="ge">1.22.11-r1</unaffected>
+            <vulnerable range="lt">1.22.11-r1</vulnerable>
+        </package>
+        <package name="media-libs/gstreamer" auto="yes" arch="*">
+            <unaffected range="ge">1.22.11</unaffected>
+            <vulnerable range="lt">1.22.11</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>GStreamer is an open source multimedia framework.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GStreamer, GStreamer Plugins users should upgrade to the latest versions:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.22.11" ">=media-libs/gst-plugins-bad-1.22.11-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40474">CVE-2023-40474</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40475">CVE-2023-40475</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40476">CVE-2023-40476</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44429">CVE-2023-44429</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44446">CVE-2023-44446</uri>
+        <uri>ZDI-CAN-21660</uri>
+        <uri>ZDI-CAN-21661</uri>
+        <uri>ZDI-CAN-21768</uri>
+        <uri>ZDI-CAN-22226</uri>
+        <uri>ZDI-CAN-22299</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-06-28T04:43:02.949485Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-06-28T04:43:02.952359Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-01.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-01">
+    <title>Zsh: Prompt Expansion Vulnerability</title>
+    <synopsis>A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code.</synopsis>
+    <product type="ebuild">zsh</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>833252</bug>
+    <access>local</access>
+    <affected>
+        <package name="app-shells/zsh" auto="yes" arch="*">
+            <unaffected range="ge">5.8.1</unaffected>
+            <vulnerable range="lt">5.8.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>A shell designed for interactive use, although it is also a powerful scripting language.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>A vulnerability in prompt expansion could be exploited through e.g. VCS_Info to execute arbitrary shell commands without a user&#39;s knowledge.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Zsh users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45444">CVE-2021-45444</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:51:00.103014Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:51:00.106061Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-02.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-02">
+    <title>SDL_ttf: Arbitrary Memory Write</title>
+    <synopsis>A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes.</synopsis>
+    <product type="ebuild">sdl2-ttf</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>843434</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="media-libs/sdl2-ttf" auto="yes" arch="*">
+            <unaffected range="ge">2.20.0</unaffected>
+            <vulnerable range="lt">2.20.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>SDL_ttf was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All SDL_ttf users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/sdl2-ttf-2.20.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27470">CVE-2022-27470</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:56:15.409960Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:56:15.413752Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-03.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-03">
+    <title>Liferea: Remote Code Execution</title>
+    <synopsis>A vulnerability has been discovered in Liferea, which can lead to remote code execution.</synopsis>
+    <product type="ebuild">liferea</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>901085</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-news/liferea" auto="yes" arch="*">
+            <unaffected range="ge">1.12.10</unaffected>
+            <vulnerable range="lt">1.12.10</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Liferea. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>A vulnerability was found in liferea. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source can lead to os command injection. The attack may be launched remotely.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Liferea users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-news/liferea-1.12.10"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1350">CVE-2023-1350</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:56:34.686485Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:56:34.688817Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-04.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-04">
+    <title>Pixman: Heap Buffer Overflow</title>
+    <synopsis>A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow.</synopsis>
+    <product type="ebuild">pixman</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>879207</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="x11-libs/pixman" auto="yes" arch="*">
+            <unaffected range="ge">0.42.2</unaffected>
+            <vulnerable range="lt">0.42.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Pixman is a pixel manipulation library.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>An out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 can occur due to an integer overflow in pixman_sample_floor_y.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Pixman users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.42.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44638">CVE-2022-44638</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:56:53.181940Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:56:53.184714Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-05.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-05">
+    <title>SSSD: Command Injection</title>
+    <synopsis>A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">sssd</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>808911</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="sys-auth/sssd" auto="yes" arch="*">
+            <unaffected range="ge">2.5.2-r1</unaffected>
+            <vulnerable range="lt">2.5.2-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All SSSD users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-auth/sssd-2.5.2-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3621">CVE-2021-3621</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:58:27.689393Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:58:27.691896Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-06.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-06">
+    <title>cryptography: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">cryptography</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>769419</bug>
+    <bug>864049</bug>
+    <bug>893576</bug>
+    <bug>918685</bug>
+    <bug>925120</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/cryptography" auto="yes" arch="*">
+            <unaffected range="ge">42.0.4</unaffected>
+            <vulnerable range="lt">42.0.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All cryptography users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/cryptography-42.0.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36242">CVE-2020-36242</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23931">CVE-2023-23931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49083">CVE-2023-49083</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-26130">CVE-2024-26130</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:59:02.809872Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:59:02.812394Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-07.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-07">
+    <title>cpio: Arbitrary Code Execution</title>
+    <synopsis>A vulnerability has been discovered in cpio, which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">cpio</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>807088</bug>
+    <access>local</access>
+    <affected>
+        <package name="app-arch/cpio" auto="yes" arch="*">
+            <unaffected range="ge">2.13-r1</unaffected>
+            <vulnerable range="lt">2.13-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>cpio is a file archival tool which can also read and write tar files.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>GNU cpio allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All cpio users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.13-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2037">CVE-2016-2037</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14866">CVE-2019-14866</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38185">CVE-2021-38185</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:59:20.652714Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:59:20.655189Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-08.xml

@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-08">
+    <title>GNU Emacs, Org Mode: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">emacs,org-mode</product>
+    <announced>2024-07-01</announced>
+    <revised count="1">2024-07-01</revised>
+    <bug>897950</bug>
+    <bug>927820</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-editors/emacs" auto="yes" arch="*">
+            <unaffected range="ge" slot="26">26.3-r16</unaffected>
+            <unaffected range="ge" slot="27">27.2-r14</unaffected>
+            <unaffected range="ge" slot="28">28.2-r10</unaffected>
+            <unaffected range="ge" slot="29">29.2-r1</unaffected>
+            <vulnerable range="lt" slot="26">26.3-r16</vulnerable>
+            <vulnerable range="lt" slot="27">27.2-r14</vulnerable>
+            <vulnerable range="lt" slot="28">28.2-r10</vulnerable>
+            <vulnerable range="lt" slot="29">29.2-r1</vulnerable>
+        </package>
+        <package name="app-emacs/org-mode" auto="yes" arch="*">
+            <unaffected range="ge">9.6.23</unaffected>
+            <vulnerable range="lt">9.6.23</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>GNU Emacs is a highly extensible and customizable text editor.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GNU Emacs users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.3-r2"
+        </code>
+        
+        <p>All Org Mode users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-emacs/org-mode-9.6.23"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48337">CVE-2022-48337</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48338">CVE-2022-48338</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48339">CVE-2022-48339</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30202">CVE-2024-30202</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30203">CVE-2024-30203</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30204">CVE-2024-30204</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30205">CVE-2024-30205</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-01T05:59:40.316405Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-01T05:59:40.319047Z">ajak</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Wed, 01 May 2024 06:40:20 +0000
+Mon, 01 Jul 2024 06:40:29 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-ad7cf37eb216318a2076f79b7aceee6389bc887b 1711749190 2024-03-29T21:53:10+00:00
+7c19ce25facd6aa54d2b0f9a8fecd6020509009e 1719814176 2024-07-01T06:09:36Z