From 31a4e4c512b4ed524b5c4a7064af6edf22f1afa0 Mon Sep 17 00:00:00 2001 From: David Michael Date: Mon, 9 Apr 2018 12:56:33 -0400 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../portage-stable/metadata/glsa/Manifest | 30 ++++----- .../metadata/glsa/Manifest.files.gz | Bin 419802 -> 421065 bytes .../metadata/glsa/glsa-201804-03.xml | 55 +++++++++++++++ .../metadata/glsa/glsa-201804-04.xml | 63 ++++++++++++++++++ .../metadata/glsa/glsa-201804-05.xml | 59 ++++++++++++++++ .../metadata/glsa/glsa-201804-06.xml | 50 ++++++++++++++ .../metadata/glsa/glsa-201804-07.xml | 50 ++++++++++++++ .../metadata/glsa/glsa-201804-08.xml | 61 +++++++++++++++++ .../metadata/glsa/glsa-201804-09.xml | 50 ++++++++++++++ .../metadata/glsa/glsa-201804-10.xml | 56 ++++++++++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 12 files changed, 461 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-10.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 15707c00e3..b4beb56618 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 419802 BLAKE2B 77b61430b97be606d07e770dcefecad6df694cb9d174d02e411d0c9124496cc8f3c082d220e88b305fb15b10d7c63b688c68e4484d9efe6cf97b41aabe095755 SHA512 3f233f14b1531babe34f57d6f927c008a3406b144de3e74532b3bf23c806220ffc43906d40c476f43e773cfbdabd98ea035b95415e8a23d7ad3ed93384c13bf7 -TIMESTAMP 2018-04-04T14:08:23Z +MANIFEST Manifest.files.gz 421065 BLAKE2B e5b50ffe2bff6e1107508e16429b0e9aa8dcd4044034c53166a7d066653c21e085a59cb4e867938b00f904f7abc63ae87d68724f2c506d2f3e384dfebadd3e8d SHA512 d6d92ec0eb389bb118fe14a90c5a7cfa51b633eae98383dd3516d94dae838bb21450c1f86c6da9dd7c536c539a0b941892ba8a40f25bbe44fe414a6659b84cfc +TIMESTAMP 2018-04-09T16:08:29Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrE3FdfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrLj/1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCOqw//dq72XGk93uVY1A2zF8LLTGinHAwKLl7Jvv5ueZk+fi+y/J5rcWM34KAp -Sup8n8N4M/i5xMhBpag2ZnMIDyy7X9qGMmr/f0uxfI/jFplhLUJIwLj9tjUPs7Ml -tv7Y5x01pQZYGM5w55EXk+basWkFNKS0qza8Gl6gYuHizB90fiWf91vIStgT9sQt -qgxlFuhM0cg7/4fCRZgKrLz+/CSfpIz0JKqwuNVx+md0OPkpq1LTbQrwUGeyRsi3 -U5+J1ugt2E6vgusR2sc4M0jlGPFqKN03maeQRBztepbuF0r6F7ROYQ4fFqT9hxQe -roprxcAiYqyRV3989+KwjcKu0Bw3eNXuXDZuaqA2FZdhVnfneMjfb8A9RILZz9z8 -RGCcyrEePJ2kpRoOB5644v0N7iZB1F6Jxm3G8U4GChL97ypxZUcqz/XwJTNYj7YC -bv0pAMfonPLWLWSH96r404aiAHCJzvnx7pfnKveXDV3ZEv83BeJQ82XtHHCIMlUU -lh4xaaB810rPMXN7hkS2TY6Jy7yBANRgnRiOgyMcsPupmpcUzXubFTkKt4il3Iea -GK1c9W2y9LZlvn3n21KRcgKr7MdZd50UWqiACcAoI4LYQl0zoIwJXz7Ev7zCYnHo -zJ1tIECigaXkxo1M6I9pHSBoKImka2nHe3JJXHuvBoCDgrMpYBM= -=KX1n +klCVng//ZCj2FD+CLhggl2gao3gG2dq439EDmwTErvUaX1G+deBU7GSn8C6/TDji +m6PpfH2d/9OJNKOvHrzi/DuK6M8wN7gBVL+1R41zOC8YWyp/YGM8cI7w8AEjykSV +LMLl4+XhNKsC6i+QLZNLYXChqxL9oMOvuTtBaNzGncXTeIuXlGUykPB2/8gl3spZ +OHT//cmshfKvX+nMx/K4qKZKopVEN11zyd8HqhM1KlbDbpPxm70tLT4ZJfOhVdR/ +Iymfefq8fe1s7E5HFUbnRBtTNzMMPWuhq+JQluWUWn+26uUPn9eaTS+tOMBjz4L2 +OpNPhyvhWIf72+cCn7g1k3aVn9L+k9jmJOsMjlIhJWu6gN5LlwRv6z89K+YqjBaa +g9sHCQRL4G6naqyl1v1IHLxDdnBBoDZhq3AYH+F96qWnh6iwXnvSE12yFPtTVIl3 +oWXpL1Kp+j02v7MZrXmR+vfvomxeuIxvw92iqB1iP15K2BwHjHAd1481NIYUvnbg +BSoRbgllLd+jXyr8zMwilppTYBezR9XT+9+rnfczkpSeZpV3eUHgYCLdH01f7/vx +n8XhwY/di84Jo6myrefjGa3r9LLS0lDp1q/AV5hBRIkO7HOV5s4C6euYMxI5L5cX +P1qoJv7630nM0q5BBkFS8e6zX7pRyMUuhvrQQ5cJD3dcpE2hH/c= +=lkul -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index b5be97045f05bcfa8c5ce623f01e80b9596aa1c6..237780ae768af527e159dae46d3e6fcc9f19c5c4 100644 GIT binary patch delta 9914 zcmV;rCPmrW&l$N}1lddFgv<{4Dc=U9C~(p)s2VlR#mm%*V3WCDL*l2hdcNsitkt)5__* ze|F-DTRyt}6~`XkJip|`-}77gD81z~G#fm&XY>6$r{YIMJrI!|X@EkFUO`+yhD&Y5 z2S~}kQU_l=LyibVijwHwO%Qb0T9TwRrK!@&!R=Z61fV~>f~10rRDVERD=q%ydtRPw zMG(|)hRVy3NzBY-UH*phMw~J)MT!C=f73SHb34ddZ!go>DD7w~dnG*Q!LN96xvg5X z6?Ye8$}DZ(*|?PWb^HGkK`O|y0hYh4){o5M@y>}!>ieT+-PQm*Nhw}k0+HA_>=NoL z)-Vx0gEt&SoAko#Z-mu(5UhIgw-3@_*h0bHus5pTbO_tzO~l3tO7e}_s)abGe=;%Q zLx-OCN#tOtd%J{a|Ve2L+4OPe|nFb)93C3ibaoOi2IZ9Eu4qU^yjIG7Ew9ye zO#%t?zoEY=hm$C%kqZIGqL$^Cq^>(vr&i_9+T!`LT0gdJANPqDGrt8qeV@cp_8_i?<>k@0cbS89dnVLo^mNNN&6-u9Ib0q6IAw1HbbDP`m>4Q@QO1@i3x^Dzi9el5R z%T(0$=+vsrp}iOie>KnrUR&=u2z3Fc^Sy0}_tlf7aLuwac(`=&7*XrWM-^yGhNU(A zAnv!NIFocconDI^1_gms=eK;C&b4e$2X%MWm1Mvv^BTM|Bb@ase~Vi`^IISC8TR&e z9q||lyM4r_u_STO6ET%HCHy+eZO~qoP|d+qO-8}*%s=d9fA#S}SSOXGQ@$*+j5jUn zwEjFhP>V{1WA-?3qrxE@#t880L6D)q3Rh5Tlg+BwqBNeNNZU=ccjS~s_TJZBd%72= z`WQV#WwZb_OU|cO!P0QnbSmBfjzj=Gnzv-v9f@61U(@l(E9i~QXbSLxk&p@%Kf6oN~sSBX%VR>%BFKg{qL|YlTsr}clOF`-hg&~vFSDjO@PSh-;ciyFSwDx~;4jbOr}K0p~l3KcEUPd%9^ z3rMrQ(EQ~{O7w7Yfe={>`GG6(`E&$M!n#*UfNM z$z$txPL_p3qg~$3le8#4R-2#S2~Q(eM(|$f;AJVOijT}q`Dj2#vVyX@EH+WAPtDze zc4SHWyc-n!Wwr93^IPigQ7h!Fa+oP1W_4WTXx4Vd8D;10?H+t+xOMtxbRv_t1mfqM ze@qp&YoZX!67#?^3e=^^S619~Y139M-zaz3RyUcjczK_-rF>!epbb{wj06yQc1%!g zdoB4tn;t*(OLJZ|nHoc(f|beOSmG*=(^>$q^N=YlnT^P`y7J^%vi9YSSIFDCr36hV zrFMFkMU9l^U(qQr=VifMK7?$_9?nofe=nR8lEI@oS;#BYseywY9)3zXSto0*d~F@A z$hOeG0%QcB-xI{DGi%OvI$%r<+huNC5)(UURgpjSw@$fphda=+;ePey*BWd9yN!;C z>!E&dfL#B_?Z$tDQ6AF1QWFj`FF9gO&l1VW>rkq7YC+9e29%xbB#PQX_|z=H1VM=z zFPAS)1|xqT6^3=fRza9e^{CoTSm;jKaJqmH^%~(&VLxm8h63W_?XAP@*Bk4tH9|O}#Jw(}7wKhq%X|Zvd%2qa(j$528ob*Nyiuw8 z(FTo_X7&{zkzbgU7gGxomS5=y(Bmsy-|rs^l+OURu)&lri#Lu`68DsS;~h_YI+-y#Y!gT*U9r!_MqbRiel(G=HAydtap%e zlN*1pf}@sk)24^RsB1W{1Tr~Qy*?62HUwYF(1zwL`Vd(J#~@wZ-0fJC`EtS_sT z|K#kKxQB^!)@*E*Y}}DI)CnE>4istTk^e7gOi;6;eoU+pnRoj^>grRSFyKW|O+;2Z zEd_i)=0tk%K=V3L^G(Mr_yn2I3MQ=&S?hnt>FD(ERRWu`OHGUHv_nz0u9HTnGRhn4 zwaHFX&;4b! zUcBmeln0Psdp68dM4hK4K|H;`N_%qKLT{#2uPy^5TdHwd$}K%U?^RwisMSRZP&I$Z zqe;Fj8jIS@vpE6|WNFAnQ6atU&FajpCD%J{ory!s7t#=CogRIK5c#ShsHy9$pMus| zC2LlCI#b#oih3e$Rp%q#O3?#7lBTlkVQ1zgT`JV6h=9&_Bt`H2l^$BA#`IiTDzEfq zwSKVthk1eAnwi|oe8uzeW}j8!ENy>fuUqh^rB<;?*1J)~265*+epQLiF#6*7m0-|wtc3J4mnJ~h z=|GCwAJ3Q7`msOy)Zb#Q0E+vTRLy(Gn>agar;raf<#yUQAwg{sSskrzX=ZXzq-(JM z02SmIr%0C~e?ZbAq2MrhQS(iKW)Ldb#8%&*ibYqC0*-v$RX43D&)a{?Cg8JkZO^?Q zZ2-YE-z!>>+fyQyQd(Rw-K+w|WO57`sGpiXK6yj{yu?$NKRHc13^G8*L7C+yr1p@_M+( z()diVYK3>b;HM5@H?Y}zwc8g(XzL*(EZwDxmp$Yo?TBT{6>U?F_Z$R)V8$bFsmQ5x zvb@OPC}5d~*iF-n@&E~S{!{+fX+`yE6AQ_k<5Y7rYLR>G;2gF0C8Ghv!kThK^>QR# zY>!*2%%K#M3dDb>q}6Y$^&^@7VP25b%LI%+S|b++E`knE#9$DPt?TxX!Pq(%shsSd z)SR$8%d;-+i8xIZ*LM4W6M$~wsv>cO($jfRj?ldwpXC4O4swsm|H?_-!uEKJ>5{$@ zA9$*y72+h;1tNRbDQTGHf()2kyz*=W2=BQS#b3`Md4+#dZsz7MCr|x!hOnw4a%cNH zN{inThfTOTRYdP%y&Gc@LlV|05rKK+Ri%wP~%N)i{Iyqk5 zz^X2qZh?P}+mo5YENXC3I+OQJ)>;sclP#;(m|hEP=AtNi;X^AKV|ND0zMwR+XxQ9b z9oRJ?AtycE;W{ep%cbj}e6f-6%Bp7-OLV=Ghr0P{ZqkWyVzL-r;cFi=!qmy+G7jhg)#;3gQK z3S=`Tw-qMEIIpgGS6(Fs6N3RJT6s-Johmz_e~I$H`|>$_*dLwxti>%GY4a&kRre{J zq(p!7by5`Bo8o8kR)>+Cy3c;O^{+$J;Z%L`lvk-FNFf&UwuxU&T&)i=RSLj=_C)Mi z*+fU}Le_k0eO`U}+;bt$kihbs8t5gtaeZBFcz>d0vSNR9&P5GP9lu8TA6|9(oJgVq=o%m1+hOC^ z$PM8WON(HoGKMmR>{#ii1n1!7{8W#DjiO@H zxu|kii<lk{{V|35Ha^UPi1tlmRJ*vqDGTv)*WW?d788hd?G5)as$n#f~#l2cTSpGvym)B0L z&X)#_>RR&Q(<^w7PSNF3`(W)r_f`tYi8=tE0#3 z?5taeS$N@;EmG8j!W+@1Pc8Rb1pML9s^Fq*@8wMLq`=5zTirseDb*Jr$yuz$iq7VQ zjco==>bLHc_oEm_RHH%FC$*06ZiMx=b6jNYz&T`RX=~P1!}q3-G_cZ_s`^JVoz4B8 zvGH#LB6^v7uKTchp;&A>44;28l$4A6H7=BGfkgx7sZ6!L!k6Bc>c)`w?{GWD#x9s% zfu3_~$zH~do3-_vt4gd7MAb6=pca2s)#?r`r|MOf3E*U93b(iSvG4dD9aZX7<7U;w z37z&0JrudQSm)OI)L#NPg1eB4>e?LJYdCJMW#omvLFO)@us z03dH$U7wNYE$Uon=Pbw5n6h~q@z*@j^RBAZT?F~vA$UZ!+f>Z`bfPUunB5vm<^fv= z$Kkweh)zNk=UZ=G2d94=9F8&t<2<(NhQqzQBhSS(NY`fw*Or@?y5dB;6MM?M{JB~$ z$@Gtz=4%MT7uc?Q$qM|IQq#6w-sY0p!F$Rr(KcU!5T-fV;D~6nB4^@~ad{oe{PssV zC{5iYC`?A&!UbBD)0=$t{qawU_ih2*r z%QA-tRR>*)k?6ap@w9O*=ER|VJZfDPS{_KP`=}lSI4^ch4zhz&@;Th|rK^_gm4N|I55 z6H6<{_+rOXN|YcQA&60rWfz5t#pYCVyg_{4*%!{W9n!}$wf5UA%AiLPdFyZ{W0~ls z`l;SH-OC@MGf9Ae@eI%WD0?^704XQC|5-zCf@qu3yShw0mk0qk<>UXKrmBUV#8XnI_ry zmreYj60r9}Ej*IEByoAEMtHx#xkc8^>0lZ~q5fRj3EI(K9UvijC%p|6XY_XQnhJ>N z!Q+3d$8w}AoK*Ps<~Q}=4(8HO9ngI^Rl3F-e5AE0HW!`2t)3b5d-VDk( z@e$_@bWwp!6r}3e-GgIq*S5kT!YkV*>s#bcu)940oHgSwHHtEaot>d| z`%qBykES&$r^8hw^NMHO&T`pb1CtclwY)Ed0cz8nyHZ9I1L_F;HT_8xpG|+d6Z2*q zb_r(-+ZZfse0glj(cH%Me4mpfOqvEQtET*AwO+b`AF4lK&^aBX9O~0_4Tu~dB1BI` zbTqmop`1kvJa2R;kxv~w^~YuH*liWq;Tu{k;PP!r-EzRj(wK7OR0=D3Yt*VfzoC;F zwEy(7?1dnPt}?b+%zL))fuMhpN(l4^I`xC~ir%EjQyWW?i^H6toKiVy;CWV1O&PUF z1nCaodqtt$IPYb~@^q3lFo+->H27W)5Ac>%#QU;Z>Bm&~Lz#tI`0^NW26!8Q5@*}) z{2bKgkIZw8&r4Bwjg+Ygh9lZ>Ed_b*Nkz{O)7i-ZrPaMhVesj?P>?st z;>n+L=`Y8!JK4`sB`=*1g&E~G6%Y@4ZktH(UsJ+6Pf8C?`IpuDvG)$2S|fV9pG%d{ zLjIu2q2eOvsn~ow17CmQBpNzg&vD}nWSe7<(n!$Ab-;t zRB4#D9G(>v4V;NxQ`#OldUXSxMY?qYZ{%TuX;4~`V`qeuL!f+Ga~h6ybAWO6ix|cp zBPk>YQ|+bo&Qoe_9`smn7q#9eUEeg<%^gr&nGj@1v}$F`Ge--9+9b>i4auMtRPeV{^zW zRR!$s_9nnRhcf$`;B+>N2V0KB@xiO6KJ6+Rj9ORJf(!_2MBtaz>!2)D;4-?Hls1Ih z#fF!8o@{dsRVY5r0+Nu4f0Cyu2714S*X3$nwRQe1|WZ&Ehev72+-5vpsmKXbnWPY@&jx$sGq7v z2}gOW!(L$4BV8IVNp~@nf<`%1Y&t)ga#XoR3%QzFaDfONRa|-*suwrqjV{ZI zk+z_+qZyB?>U!Mpdu-I~c#|A=*_fA7Q_q*x`q3ImpK}n-&uY>}Ik6}>iQY%kIn;j{ zZ*ZvU4O#&L<)q=9qjEHho~9uF6L8-&>WQ3Tb~`YNtbE=o&r^jfGq4<20-4vTmH>&< zaniP=LCWKPn+k8QvFgYVq5Li?Y{f@IIf`+WJ^3&>#*Yow!#$?F*+X&FywxGmCCNAH zXOoZF^~&}~Q1oLt2L>b!dMBLEZA5?P?Lu}*i!S0<{IXg<9I_8~fp-(myla$9z`4Cx zwst+W+9r4H> zRSRjhRbWk~!cRe-h0d>o8jS-^wDank?Wm`PcjkOKEt>%J<;!aQXpMYK=|1za&rw&d z{LD@X+P!u1ns^Zeq+$%!6hMiqQMV^u8chsZ_)+Na1e|^ji)X>9aW+G{J=>1lB#Nz-O40qCS=T+yO|Dt6mMW$U^>SL*;oM~dQNUo1KnspQ3Yq<2t3X*jRhpO#g3+0b4} zzNR*WHcdeL*1k!dy2u%RN_Z+KYKzC}^igq9v%|P~xwj&xJx^+G?WfiIC0u-2t>0L_ zd_?)8)me+Hg?vvXr^Gur4D){f@=<#-X5V=bFjld=Kc=mYyP=Os3dx&reK_KyE z$L*d(pQYHRGns^RO-U!a_L9^SocA7kR7eqqdrQEIC`p7THQRqyZvk@XU(2WP&dU6< zT0e8AA5lIM6N$<4+3cM@!vu0xFWX24>0DCUS>BMH&FJ?%wvLN4r59zh8q%zR<17B- zXs!)OZ*l>;V|nXM*q6aFy_e!~0clGWzZs>czWQ4Zhab|fCHu9@9+vIcw69nV#A#V% z1+|r&YopQ!M#+D*+FIeft!naKI*ja^-mYnj7lEB+I1}WFkGpRUyArStT zDF0*ceSUNUm$Css8hak>rOp=ZDo+=U7+T*1a!YAa7HjaFO(navlqbCSRcq6b<;_sA z4gHUNgIQO*P$V8SD&Oug#7C>G|pYNmVecW_7;DM&LL3MrLCG!H`}nNaI`5~ z_3-LW;`S);gsU|qhsRXCms79AFfmL60w(~WEcRjbtB+dnvrel`F zG~VEMCtH8Aj+r1c=k$`@o6SFn(ySl5h`{io_%pCSDTn!5Ek%7OGmB-_BfCIZOnwy6 zd{{{kye#JuKA(umUn+yvp0PQ$zi7JWcaChFkpo4&rR*6+BLKbR|*bZ5RZ@jZ}9sI0v5p$6M}o60ez>L?NKR5x!P{ZcF} z>|mjzH03M>{-e37Za0>c`3(EI6nNjIBQ*6hd;ue zd-Y84THzVGL~7I1IRQ$u5S$6Ay5~HPy4io3?LEqNIhmUc*a3mse{Zp2WswO0Bp)^Y z*?fcY<0ckN`#l%OvW`1bQ+`>kA0M)hzI<06VQr%a0tF}WQiqpvMdcFxB%>4pg*!)8H3-3dOsLYkAmy$gR- zP*QdN$#YO@W{uPhccd{69moF;q6s1zRauu`P!F9a)k;qOR^S~^p#RES#Uf2=*yM1! z0#)~=f`>+gBV{(6qw`e$GUbP9_seSi@O(aI11+q^j@OpKAV!_9?8^X6NtaVn3Ms&8 zHO?lf^U=1>;JbyHZVuF8pI*tXOX`0EtK%Jks)%)q1;@Z)UJiX}1SLDep)e&S$x*M> ziV80#pc=*cptQ8v!kN?Sx~PN0UQfKCtsWYRYJ1hkIL{_4sF0ZW^sF^iQi$E*7bn{D zRxGxE!#VGo_^PV9^0tC34x%ky8x_`<)%xMSelmr5rK#%cMO-N5mg*WbVP1c#kk?ZI zEj3|)WaLc!sh#O%{}54!f3Voaa@OU!YbR4hg$K?R#w#WcXsgi#6*X&W=ZKmRoDqA86@Rnhhq6$Axb1Gcb$Vv9)4XV`}ol4}e z9zj#bQ!h^qkyOb$6&|FB<5hoBVB1tQMsiL@`LbFsC({qLGSw$2osv<30Hu;lF_<|V ztkmD!?opH2Z!d^6sQ0APRkl`Gu39{iyfJmJ|5=BrSypJa|k3 zk=kc<&G!U&&J&IzW0`{Uh0jpHT9`49szBk z$rYDlz)B^0Tj_)=XR@nmPwjtb&(!5=EvFQ`gnAqqj@}@-4%#`atI1t`y!6y;&9d(x zGb{;u{uXckwOabm9I}6U0B?s1`hx)N2!R9EgrBb?ePd8yIRQs&l1h4%mNY_F>OUbEU+=ncAEl zq*q|~IJ_^EUDDq(%~ClpVjQQ2@2q;ns@mbkgRJMqxEkkFIfs^jUykoPpZZMI1XQBu zmoli4guFlpPE<*P*9$LYOL9$Ri1SqblBB9y{R9s1Ym*}TWwow9T|}0+ZGsDDa`>lj zV>Py#5ON0N53zqCorGU%F*!g0t1OI+#LwkqiyH1!LA=Oj_lHkeIyp84tbt*BJKQAk zCy-XsvsVhK55 zts+6UYB036i+J|FrtxtgcChyGF~6nYu2cV2BS(F&vwFUSd=~-?!(Of`SUdFV7=_h_ zvN%hp(|cBH_s5`Wf-_?d7uZ{sr$Es}3|8V$c`3!~4)0p7TbAE&T&<6P_}72=w}1bS sfBwh6|JUE1|NDFY+yDO4{LlaX@{9lTx4-?@-~ZwN0Tp265+ChPJylsDp(c_~s9e;66I;hyOr>p8tlW24lguI!cY7zcmi#pSkY z(N^4DkSVjYd1vEN;-B09mk4r#EGuC7%WD0|EFSNin54cxYSwKHu#1%9)g=&#jl(XX zzG4j%(KC3%QM5@fy#7j99S6axCI9t78Vp+~*cNl}u-2~t_3=cUH^_Lg7zmQWO~FFEmNehc9DVF`G;mv&RJ0=*r`9TXoY zFj?VC?Z5ImH^yliuCuiXIpDrve|;$HomHcRa}dud1eslj^EX5tGIo;BvBBkSxlf)r zDNVF~*t$@!C=U)>lc3a9As=KKfOsYtlWqEKpOcVJ#$;32-)O2ItZliXArbLfDf_j& zR@XHNB+P%i{-zvGqM$}D1RRT6mS2*(?o^Fhm7lf6^JTSuY}-EW6Ng6Ze*pPv<64ff z9U@@L*_;EXhGiovg*L9Ovk`{UkqX>ONLK`MPva?$B0r4h1JRNrw->6y{7)8R@$h}> zT2SK^w!~UW^SlADubilQkA5UU`}AX5pQY(AAUNpbUr+uZYA!3n=FIq_$H3wZiIiM{MWTn8cT z$N@V0P+X171z670mtjc;8Gi|!APzFy0j_a!s`TpEtaIRc-2m*eQ|o0jT?l^f)mlA- zx|9oAMF^2QpLmlPtYnGg?1h{n3!FL4ppBZhrDC;7s4hUD&YCv+ReXQqq4uS-ur_Qp zR@IzIb^NFTLJU3|WdpBrb{WxMR_iyGj~~6$?j0S#t={|wN8g&n8h2y1{Gf zJqMvK;BdaTF7dv4vJ|dab_NfZZXP3QUHPa2ZOO2-rtif4x)f)UZl}|0k;9-Mkm~%F zPs6#E?dhQI&bpHfIDchcgI8vRvv%iiaqDM(>q9=n-rlYw9s^;sk61O9Bo2BahVrI_ zUuU@u+Uq1#b1+qtQSdwSANI2P_#mu{%F-!c7Foud7Ij*GUJa;4rNS|L9Jo>8kPTx5 zc=aI2P+)~SsI|#vRcuijPgkUE673y1Ws$x2b=O|*#i2e%3x81=EkMnZ^Ql#^G@Lb@ zig$n`5kQaXE!jOIu}kV}Iv#lit+E;IAw7TGzQ&*aRsu?W%rxf_DE9QZ03bC1^m$mG zTky+Tn~G>FBR91F`gJKtJ)tmUlKQH1>fMN%rMJc#cN$ExqAK&6gKYV0!F^L~JPXG3 zR0b$Mr2p3~27gs(zd^NK`-9UPq(RNAZ5`TJGCmRo%$L>rEj@gE-0XWTQ>L@8x9sR& zp0r~KVJ^zvEj{8bRy?^23B-Yz5=kKdKNQoh*ct$Nq zlx>zMHaWLhOLFg+UkE}6>Z}luTvgk2NwZl+DWWyau62qli& z8j11}2Ic*xt*5nZcBqiz^HhQfi~0a%2q{#wL_hUpqAVcIvcIg>kM!_|WV+H_8kbPa zb(ay5Gt$#K&cMIB)CGGPjDEP~2C&d{w0xu7VOvcyVe#@lYfJgU@Oe7>zC%dYBDv3LIo?6 z!GE#DRUW6c0ASZ4Q&=(^k!v;O$+Kkb+ZnHrw{=SinovsZ^e&4UDUH9PQ((@^g1LMM z*_1t;p@LqxBqW1Jb+V9Gs8a(6Jv{uDbg@p>T>0KQT9Iv`e+9@0K))x5RcF?m?Q+1F z8n(&YxFsew(5fPT>Tg|g=MHzEWy5^+Jjm5a->)uMorWH_->}G+9jNF}o6!Ay^_rZI&~u55j)d_6-HZ$LX!Z^y~HY z)*2z4QR3b=(Tnuby=9&N=2q^izjRODxd!j{18-ESezZX&rI~#NNaPO&<;BoK%4wCV zi!3SF(IAaKIiz`ii?T>5@cwbgX#+Fw0nu-(^($`iH9tDdCZ5|d5XuBjJ!K!ELZ{WM z4=)K0M{iUj5w+MCRRokh=PuP8jf_s3sz-ot6SVAaf!;c%XWnsQIR27JPzC zXa$qjhphE~<8*X-_$q--*`%gLcG{sRThmD+oHEKQ>$S;FL*w&U*@I;6O!(HO>fBP0 zRlLkfl&k=+d#o!JYgq{TiuGi#DVjnm%vx|$4nOnDYQ1>X?Aaf^kZh^OX(>~BeBP_PMo_DZ6rgHvr5*i^l+xMJrwms+*6&8IF+IY zdL&I{*~8AvOS)93QxO53??{T?`zt-POpWQewNzf|%WC~#`495~xiurXm-&j<<`lMA zsY>1Ih`Q&gM85qRsMV&)Vs)m4C?JhaJ!$PYl z_-Nq8uLlKISrYTu7`p+Jime7+8Z?6=y|UteC$A%~#>bLEzO2^o`7NsPcjcq*Lm};Y zxg|knTk1rz#wm~IdI-=g)gxP7%TU5GShx|CX z${^>75(*B37d77y zXa=E@O>Fi3saSONDB#G~U3Jxp@|s?MHUXcVYkTH?vbO?P(M|D$i)Q?N$@>No50qZwux%f-#HwbseK>n65hNp74v&=R=Zwx5~8jN#AKdRs7GA6yK% zXi8!@>Z$DM#fByI#%GHj+7(fMZ?rnpF$utqb;HM5@H?Y~;X}2$m z(AGmnSh`CWFMG&G+7Zi?E83Ptp!H7rRQjtUHWO|)yt7|u|007GP_btDiB|Pl2*U1){kWR zhj~F#FB35SXpLMPxClBt5raWEwyx_#24m~oq;j%*Qgg!YEYG^MC*m|wT-)sfP5`=z ztBS-CN-yU@IYM(gKFR;l9c1>C|CWooh3)Yc(7hfTOTRYdP%6!O%ut|}dP9fN&MN(e;N)YPTf z+wU}J_97usn(3^LlV|05rKK+Ri%wP~%N+V7ogA-j;HfT}Zh?+}+mo5YC~9y~I+OQJ z)>;tvi!H0xm|hEP=AtNi;X_X{#_kM~eL-nt(XhF>I`I_HQ3!Idcm&--!J zv6Z2Ifcc*QNU1KVA$yYz7$~Z*OUZ83M%Dfda1)GA1+p2F+X|CnoL5)9D?cR$6N3RJ zT6qmeolbT_`x51U_vLf=us^!=S&LgX(&kg7s%}F#Nr~ov>!c{MH^uMdt#%_hb)Wrm z>tBbc!=?J-C9hIRkU}ixZ4=uFDkwqm=uu5J zknw(2M@AfO8ZmP&9ODoBN1nf`Ebi6%!SWwsy1aH`b-p!dRM(OZA6~(Gbc!yQ+6QX~ zy0=nDPSgST6tH4*8^)99`54-lkRk6apmH96N=vHs#Lk*R%)$$&Y>}cK6yAt7eac)`wXPAz$u?vP*px4-1vbS+#vbLUcRf+Y1IJHba zsKsAZwYme#sd|-V0ytTj!tL#S>^pu(N0mC&xLGxELZ^L04@Isn*0r@h^_Kt+dAHzr z>Npe;^UgxFcB|_Ogd~AP4U-xveu0>O?1O$;tsgA^q0Az@Q64}QFCxGJ^i#qo4qNBO z@bRd}d4r8EDdtT*A9t2=yH8ZAiNY>wroXF)MIGyEoaJ~KQ#MZ{ z{+cIx-c_}_iy*%lf=5)lO~u?VC)$#P*{z{u9}%H(wpbAtgEya1RxP{o1(gP3V+1&b?38`9^W@x*~Fu&%c6QI>OCwk%N!n59ds#1qVJx@)5f)!6NmEg zs5Mn+c_6j!qk0hFyx253$PP})=NP*R)fCC;1Ftm{=8fsgYQ>*U^T&N62_;RbB30w7 zP^pI%$Uar`a>T;~EmV(xc9@UDb^s-rAj z?fm!D#o^<9>3PyrIpckui=(EkZ?Mm-_7kWT=%}=(o}yx>n7^!l)-Nm%RD4&}w{FXP zISnFJs(<1TD1`fQB1|-HS1Kt}w{Op^&s6(Tl8g$RSbB1dZ+1MTLekYroB+40;riQ-?Dd%S12LPxZ!WUj7iBNdg2MCk)gW)|%wt zm=@)dl60L##U1p2ebmI^u-8C+qElcjvvljZp+uL?mQAzC!?|}A)_LGBtMv=Z%O7}0 zdF3Pd0>Qqxekn`Q?x8`93Z6ipv9)!01p)+Rnq=SKHt~Z>z}^ql@JRBK#O0+L;r#~Z z7Fjo!gJ~3n`g3U~Xh(ZBfQ00o^fpi&(c8s)C?KW>kFy?s%aN{dQQ_O0-_(N{%%$OU zK=TIU%-&P- zoyEug3txbLGSXyqH1;V+zL`TWAGdH8-eys|%Xc0_QBz`i(-j3g+2gIwDzS)KLI=I3 zw#(>NfU0t-ek@mb-DB;%DS6O|C2#}v$5m`5DU`Lv-nw&5(a;AZTgoVC_b%uA%W9oJ zc9S1>KG%IoOXL_|N?!fOssY21YI;qvN>9}<8pcrAvIo;3o(G9#SLD`}u9Jd?{MRjd$$gKG%MlH9K7RIQ*}RbkkjdwE66BbT_J8MHr>Oc&H`b z{B^Z|(u+eDKJ1U$(W&|GXIqeP){MW@D9Ri*c81pNT|v=DN}B<9yB~pHrZ>itVQb(A zg%Ag4N4Y5PFyzlUG^`M|9gS0QQ5jTxzpT5c|Bt`)X54wx!+WkyhpR~D6;Geea@k)4 zlN8ytyf1|T&Z;^0Nf}KHID6o)=})5gY|@>7m^b6FOSo#-#$Z|F%VSfH#x}0!`&=Yp z(llsUHRUg>_0kReQ2haej^Q9>SD&V7K;!@sA$lmHqtPV^d80##eCgn+KQ3#> zZaaY;zM;heF5i~aEeC8YjVVVirLdB>M)lO^H#Aa%_Mcvsy%0p#RmL`pdC&Ge5HwPM z34#7Vr+%hnu$DIW!Y^kgfzc^7TRQ&%4LuVe{DzS7%tMcWu^zpgHG zzE9_zB;Zm~URuJc)J)u5Rdv_Y<-1QE2A`%21$mP!p8P$x{&Fn4ll>f3^3wHCm{D$1 z0r8;MwuuD)RVBRhp!DFBe_5>`d++e6HKMoswNwc$+jI#x-nFPkc5lAbY?Z>s!&{7q+2rD57~cves}a3pq3se9n))eUqO zY3c-C$-@NGptK^#&Il)mK>4)lG#u;Z0OM*mF^oM%Qb-P_+DmJVr_|a!=&|6)rxtv= zY~){NDIGkoZ>2c0%X#4ey{gWC-}csTOTg=ci*cShS13__0Sa@yHPJks{ibHqp(o8P z3|m1t?c`PRKFT^ZW;4jKo5-6){kHYgD9<@_Yz}#)s({UAZvxzND6_8#PGhrpu;oY` zAG~Vn)25<9KhG7lAOpf05%^>EIw%VjxQs3)r48YBvEgN&C)-?I6^g4pfFxw%U*u_u zftEEKiv&bItWZRU)5J`iIONE6rIJofUdWqYR_nLc$bEd=RTn3xo~`oCJ||>4S*X3$ z8kg!|1|WZ2H72iF2++gfpsmKXbnR$?@&jzssh>`b5{~j#hrPk9N4hm$lI~(C1&wm3 z*mQm}<*0zug*i@{FXU=!!3838RB`ELs9xNVH@YkL*9D=xGY# zzX11Dqn^kaX14>Q$jaALd7dg<8ao~NA(YRe z!d84Vl%p6|*^>{GWBk})J=|l;n>`d))mt4BU6OpGem41-U9W6^1VulVb6`Nypm)Og z+D3nL-Y#U9wCEy!$1kh(!y)@%7kD?}%)3U(1f1!`vbF1_)i!ZNC$^&RmNLP$use#Q zPh+X0q1L)rW@mk>Qe53mhT^oKWeOt$bGQ^{^jeI<7j#;@bXD2a?+@~M-M-%0_J+n< zr|Jf++7eS>6RaDhS=&+FMo-lLnqG#s^_PD^;hi~OPRk|$efhFlKUyOnQ@YQ%?Q@(fpZv~73EI4M@|t)N1f*hg)f7O9 zt5UZoT^dacTKG}u@C2NG4vS~Osc|+#ot|w+ZW6`V)P>T?#gp%ODxVKhmJ?@TaJ+x- z6Q5QpC;uV?EHawYyhA23$BM!~<8HECgp;*{gQwu&b~c*c+^U)l1i? zXS(0P{%a1cj{tO1Gwx{7Koz@fqOx_}pR4t<_b%_f)l^zxduvEqm91;u;8%T0tNsB! zUNRJOpfsG<>`%+8SvItnlCP-^p-mIewzY3kqb_oWpAw$R ziQ3|^I(<}J)a)>BUhY)nwBzMI^v@53dCw%_0`{UIQ)=)E!nT$_ONWnrhUa~AWq97E2ypHTpN`>FiL-})z%8poBwfw72w6}jqbPj>4E^XC>bF&SL3P+o=bsk>bN!(sVQL01lmRZ;_Qxj1l z=6PwrMVyrSXe7=g(B$<-kZbL9qXIFFocZjevYk2FwzB`STEDP7VCNmTsQi)?Py(O< zlxl+0oJw%2jcRl`6L{*2&UU^>@UCa7OyXQ%sXAskOydoHbFzOW>zD~Lb51YWz1jSO zD9!q@iwF!aia!JUlX94^)l$@lGP77#J+cdw#pG8J&AXKZ!Rxk=9X(kB;sT1;`EYsGE0P*KZ%s)K{-8Db7-SX}) zYxbt^AUW(ZWNCj5%F#avppP^aa2^jQ;iNBctYXVq)eW9M)OLFXN*GmPkR*NmY7F>UA_`st$iaWugwgzUk}BYWQUKw%)5D#VhB`EsZ(cnUyjFO+E|J>wG){ohECgpl zs_r?@qi$VxW_$OtT~5Yk12#aQ_TO7PvI{FuaoVZZ0*Se|`mYRZ53 z*MIr9fB%nv{>Q)n*WaH1`+NJ_|NhhX&;S1NhyU}pzx~(W|Ka}uVbGa#A14d|_fZ6R diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-03.xml new file mode 100644 index 0000000000..c59928cc59 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-03.xml @@ -0,0 +1,55 @@ + + + + Poppler: Multiple vulnerabilities + Multiple vulnerabilities have been found in Poppler, the worst of + which could allow a Denial of Service. + + poppler + 2018-04-08 + 2018-04-08 + 644388 + 645868 + remote + + + 0.61.1 + 0.61.1 + + + +

Poppler is a PDF rendering library based on the xpdf-3.0 code base.

+ + +

Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker, by enticing a user to open a specially crafted PDF, + could cause a Denial of Service condition or have other unspecified + impacts. +

+ + +

There is no known workaround at this time.

+ + +

All Poppler users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/poppler-0.61.1" + + + + + CVE-2017-1000456 + + CVE-2017-14975 + CVE-2017-14976 + CVE-2017-14977 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-04.xml new file mode 100644 index 0000000000..d12760a99d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-04.xml @@ -0,0 +1,63 @@ + + + + cURL: Multiple vulnerabilities + Multiple vulnerabilities have been found in cURL, the worst of + which could result in a Denial of Service condition. + + curl + 2018-04-08 + 2018-04-08 + 645698 + 650056 + remote + + + 7.59.0 + 7.59.0 + + + +

A command line tool and library for transferring data with URLs.

+ + +

Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +

+ + +

Remote attackers could cause a Denial of Service condition, obtain + sensitive information, or have other unspecified impacts. +

+ + +

There is no known workaround at this time.

+ + +

All cURL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.59.0" + + + + + CVE-2018-1000005 + + + CVE-2018-1000007 + + + CVE-2018-1000120 + + + CVE-2018-1000121 + + + CVE-2018-1000122 + + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-05.xml new file mode 100644 index 0000000000..fac50a830a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-05.xml @@ -0,0 +1,59 @@ + + + + ISC DHCP: Multiple vulnerabilities + Multiple vulnerabilities have been found in ISC DHCP, the worst of + which could allow for the remote execution of arbitrary code. + + dhcp + 2018-04-08 + 2018-04-08 + 644708 + 649010 + remote + + + 4.3.6_p1 + 4.3.6_p1 + + + +

ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.

+ + +

Multiple vulnerabilities have been discovered in ISC DHCP. Please review + the CVE identifiers referenced below for details. +

+ + +

Remote attackers could execute arbitrary code, cause a Denial of Service + condition, or have other unspecified impacts. +

+ + +

There are no known workarounds at this time for CVE-2018-5732 or + CVE-2018-5733. +

+ +

In accordance with upstream documentation, the recommended workaround + for CVE-2017-3144 is, “to disallow access to the OMAPI control port + from unauthorized clients (in accordance with best practices for server + operation).” +

+ + +

All DHCP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.3.6_p1" + + + + CVE-2017-3144 + CVE-2018-5732 + CVE-2018-5733 + + chrisadr + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-06.xml new file mode 100644 index 0000000000..a038c24231 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-06.xml @@ -0,0 +1,50 @@ + + + + mailx: Multiple vulnerabilities + Multiple vulnerabilities were discovered in mailx, the worst of + which may allow a remote attacker to execute arbitrary commands. + + mailx + 2018-04-08 + 2018-04-08 + 533208 + remote + + + 8.1.2.20160123 + 8.1.2.20160123 + + + +

A utility program for sending and receiving mail, also known as a Mail + User Agent program. +

+ + +

Multiple vulnerabilities have been discovered in mailx. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could execute arbitrary commands.

+ + +

There is no known workaround at this time.

+ + +

All mailx users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/mailx-8.1.2.20160123" + + + + CVE-2004-2771 + CVE-2014-7844 + + chrisadr + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-07.xml new file mode 100644 index 0000000000..e47a94f67e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-07.xml @@ -0,0 +1,50 @@ + + + + libvirt: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in libvirt, the worst + of which may result in the execution of arbitrary commands. + + libvirt + 2018-04-08 + 2018-04-08 + 647338 + 650018 + local + + + 4.1.0 + 4.1.0 + + + +

libvirt is a C toolkit for manipulating virtual machines.

+ + +

Multiple vulnerabilities have been discovered in libvirt. Please review + the CVE identifiers referenced below for details. +

+ + +

A local privileged attacker could execute arbitrary commands or cause a + Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All libvirt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-4.1.0" + + + + CVE-2018-5748 + CVE-2018-6764 + + chrisadr + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-08.xml new file mode 100644 index 0000000000..16b0315548 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-08.xml @@ -0,0 +1,61 @@ + + + + QEMU: Multiple vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which may allow an attacker to execute arbitrary code. + + qemu + 2018-04-08 + 2018-04-08 + 629348 + 638506 + 643432 + 646814 + 649616 + local, remote + + + 2.11.1-r1 + 2.11.1-r1 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+ + +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+ + +

An attacker could execute arbitrary code, cause a Denial of Service + condition, or obtain sensitive information. +

+ + +

There is no known workaround at this time.

+ + +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.11.1-r1" + + + + CVE-2017-13672 + CVE-2017-15124 + CVE-2017-16845 + CVE-2017-17381 + CVE-2017-18030 + CVE-2017-18043 + CVE-2017-5715 + CVE-2018-5683 + CVE-2018-5748 + CVE-2018-7550 + + chrisadr + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-09.xml new file mode 100644 index 0000000000..ab4be11138 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-09.xml @@ -0,0 +1,50 @@ + + + + SPICE VDAgent: Arbitrary command injection + A vulnerability in SPICE VDAgent could allow local attackers to + execute arbitrary commands. + + spice,vdagent + 2018-04-08 + 2018-04-08 + 650020 + local + + + 0.17.0_p20180319 + 0.17.0_p20180319 + + + +

Provides a complete open source solution for remote access to virtual + machines in a seamless way so you can play videos, record audio, share + USB devices and share folders without complications. +

+ + +

SPICE VDAgent does not properly escape save directory before passing to + shell. +

+ + +

A local attacker could execute arbitrary commands.

+ + +

There is no known workaround at this time.

+ + +

All SPICE VDAgent users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/spice-vdagent-0.17.0_p20180319" + + + + CVE-2017-15108 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-10.xml new file mode 100644 index 0000000000..03b18e71fa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-10.xml @@ -0,0 +1,56 @@ + + + + Zend Framework: Multiple vulnerabilities + Multiple vulnerabilities have been found in Zend Framework, the + worst of which could allow attackers to remotely execute arbitrary + commands. + + zendframework + 2018-04-09 + 2018-04-09 + 604182 + remote + + + + 1.12.9 + + + +

Zend Framework is a high quality and open source framework for + developing Web Applications. +

+ + + +

Multiple vulnerabilities have been discovered in Zend Framework that + have remain unaddressed. Please review the referenced CVE identifiers for + details. +

+ + +

Remote attackers could execute arbitrary commands or conduct SQL + injection attacks. +

+ + +

There is no known workaround at this time.

+ + +

Gentoo has discontinued support for Zend Framework and recommends that + users unmerge the package: +

+ + + # emerge --unmerge "dev-php/ZendFramework" + + + + CVE-2016-10034 + CVE-2016-4861 + CVE-2016-6233 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index f381d5b1a3..a94b43e076 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 04 Apr 2018 14:08:19 +0000 +Mon, 09 Apr 2018 16:08:25 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index febf2abf42..bc06f32a40 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -e07af6df7a81524d31084c5565441abb9e572281 1522807580 2018-04-04T02:06:20+00:00 +fe69ca3972e43ebf2d1f70b51f3af6c00d73c35b 1523289669 2018-04-09T16:01:09+00:00