Merge pull request #701 from dm0-/glsa

bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 432816 BLAKE2B ffc51d9d6189a74448d697e9117b9d48ac11f78285f07bebf95748ef06b6de287ff57ccd0eacc079346214a7630326fe3cc9033eb49d954bdf89ab01636d563f SHA512 0f045c6288501be1d56081cf19122e140f88c85377d2e1cb644335ff5012aa0b17f2efb26628ac147bd855a3938417208e38699db1e2a93adfa25b48a039e20f
-TIMESTAMP 2018-11-27T13:38:37Z
+MANIFEST Manifest.files.gz 433135 BLAKE2B 08bfc4178f110d18daf9e50c33952a85a482c64d23c2c125c97f8cec66852a409145a06cdb11a9133f11f551652f71ca3c6cff6f9ad86e0e250b41b9cd1b5224 SHA512 68d673cc2f0e4949c03c21be733250173baa6252b489b636a97186f2e5bd182f13f09c79c29136d620f6ec56097de0dd794676970976fc7c502ce23ac7fe7e66
+TIMESTAMP 2018-11-29T02:38:38Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlv9SN1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlv/US5fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAulQ//f9ND1KFVjkLzU4ytxBc3GTwtOeuXSNFm6Yvoa9lK7x9k62mdnIck/Wvr
-aZ7BVg9W3H4Btfj+XRxtGWGivYBSqgFXdm+IcZhkEPFJGh17lr/JZ+fVH+LS7aa9
-j2++/ytxExqZfqxHjKiNn+/H6ljVrKeVXHnIW4UxZ7mulgv6dFI/SKv67NmyaB25
-Kf627Sp74bqgHApDaMeGj7V94F7MieiRSfxlg+bDIf/clJzPXoDkWQ1pftpTfTNj
-3KPSpK0IGlt0j7H3VDHhH5RY6yytP9+uTWTcKW3E26VvBdIGTNkDz7czZiWaFQ7G
-Qs2nEseBC1KKcj3fqJ658s4GmLXhBHSndzNmF1F98EJ6gLRXTsFIVCt3SsE6OdAv
-oSBa1b5rYuSYRy0b/Ca2ZrW8JAjEtq1ziIKYtuAFBi6d/C/iV6ua0zvCFwXpAodq
-fsWBcNCTwtG3Qsi0cl8D/W6XURq/LQhoY8NYqevJl4SSqXfLDA+xRs4wmII2hw/U
-J81DH9wxHYh2X2kEK/gXx1+5TA7a0GcREn/vf1swt4Gf8AbZs6Wfmb4cw4LY0Mx8
-etPm2Y1lYIcAVjpvoMycqk6F01k8sBlKf3/DkES/6tdb7irqt8vrk/D0qMVguuzg
-VGuXVEyInwy9JD9x7MCim438WxftFrLa0lJAxWV/Ubr/QoJe70g=
-=zIg0
+klBVPxAAtqZBAZOfA5rfftfNz/J8MfutHu4vqupcbntkksfNWVH+TqgKpG1cEnpt
+Ej5fl0F4dAYBS/O3jO3eS/K6aNqKGpbYtOu2N3U4Hi9hb427AobakMjuSnIWWalr
+L546Wto4+JvFZZeuEdlHVwZk1RE2g/9itzrlW+yKayCnSnXAUxz+jGE9Tv2FjlUG
+OBu6aqh1W3tNj49gCVfvgGZICm9w7d0AdNyN5sVDaU7eOPTHxCxOLHoIsa8mnbA4
+N/s9JuCccLXpKwE9w774+/kidFcHvc88v9Bd8BcIJTtFkGILkD+qdZy1o/50iufh
+H/GATcmP+VgLdbydrQ7Dp5y37jZfXeFUVbZrKb3wjP3jR9qsAFmaJm8H4SBVsdnX
+owiEoZQRuCMvE+885UGP3vszAQ5lyS/Z4Tcp/KQim8rxPSrXu/98g1fFnwzynCzd
+3CEHXc0U2M0zSO8vPdpcLqxGpxikXjSSEGlR3m7WaHjHkSqZIeD28q88qCWGPsQC
+8kkzs5uObEOIj6k9EXJmo6nnKmYNh97InQV5ryurzuhYfHY2UTDU1J6qAIALu4/9
+yNqlx8ljo42MVva9V6RmevmdL9Jh0+JQgRLgYeWCtsHYKxKqVBUB+BCgd5f44e+E
+LdJAP1sNWAbODF4Ju1bmyf2FBrJA+3eFmLnSeWjVQt9TqsJE9E8=
+=RYxc
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-21.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-21">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which may lead to a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2018-11-28</announced>
+  <revised count="1">2018-11-28</revised>
+  <bug>651730</bug>
+  <bug>653434</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2o</unaffected>
+      <vulnerable range="lt">1.0.2o</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
+      Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause a Denial of Service condition, obtain
+      private keying material, or gain access to sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2o"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0733">CVE-2018-0733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0737">CVE-2018-0737</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0739">CVE-2018-0739</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T03:10:27Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-28T22:43:29Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-22.xml

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-22">
+  <title>RPM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in RPM, the worst of which
+    could allow a remote attacker to escalate privileges.
+  </synopsis>
+  <product type="ebuild">rpm</product>
+  <announced>2018-11-28</announced>
+  <revised count="1">2018-11-28</revised>
+  <bug>533740</bug>
+  <bug>638636</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/rpm" auto="yes" arch="*">
+      <unaffected range="ge">4.14.1</unaffected>
+      <vulnerable range="lt">4.14.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Red Hat Package Manager (RPM) is a command line driven package
+      management system capable of installing, uninstalling, verifying,
+      querying, and updating computer software packages.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in RPM. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing the user to process a specially crafted
+      RPM file, could escalate privileges, execute arbitrary code, or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All RPM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/rpm-4.14.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2013-6435">CVE-2013-6435</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-8118">CVE-2014-8118</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7501">CVE-2017-7501</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-25T01:24:35Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-11-28T22:52:35Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Tue, 27 Nov 2018 13:38:33 +0000
+Thu, 29 Nov 2018 02:38:34 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-374d0d9fa63a3f974ca84f27375c342d75caaf3c 1543284372 2018-11-27T02:06:12+00:00
+948748bd6e80dceb3f96d8040bee52380c2f2fe8 1543445572 2018-11-28T22:52:52+00:00