bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 425353 BLAKE2B ec410f73e8160a04f1e8d9ba24f8a9a7403de8d80de422b45237ee3d29412684c7b01eb6c65076d2a0e39e2a5a031fa3a30e25eaf8291e44c92b9e9e62cb3412 SHA512 f41e2315afb547d2663e7d73d1c71ddccb41cbcb981f32843e47a742285e23731f0c982f66fc7df7697259b315666ee38e690923c6014e4574c7d7496b96947a
-TIMESTAMP 2018-06-02T01:38:31Z
+MANIFEST Manifest.files.gz 425986 BLAKE2B 7d85d5d425d6a32154acb4a6caf5510b1727824049e4d280e4ce24df212ed1afbd08799a2cc7c144ede280b60154612e1328ddb782e47076fb1ea7af095c3b33 SHA512 e30fd9fcd31461c74df766927e752a6d54f7b8d0fbbb414546d1dea373dbc0058af9ac0adc109de0105cbe98d3ae59802a6ade9f2b520edf7cc1b52ea112c9a9
+TIMESTAMP 2018-06-15T14:08:28Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlsR9RdfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlsjyFxfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDiVQ/9Hynr5LjtFvhMkIAi1jYrkkehZsySmuf6AHTf9nzsQAzijTJMzYMpS+Mi
-Cd7Vl91YaL6+pd42/X7G+0QPoJpWsNlo+uzRnbfBHpGURF4BIVQq3v6fDV6tm3ue
-osQh9goeu40hQUj0XT3YI4filYi1WCm0jrUFcXl+Y2Pk97v6/qo4jtS/jzu+au9m
-QKAWpIU43CUYEoiYb4Ll31UN2qwrCmSGGM66iHXenVr6u8uf4Ztco3kO/7iUTJT6
-waB+dJQc4tqgDLPpW/GUgrPyArxTXk7jv4ecMhbARByDc/mHwjq8VaGdsWns4fRt
-42w8DzGjoKxUO2dFKH7s0VVfI4FGSKF9g6hEDjpbmiYA1kD0zKz0sTmsikl20UuT
-DAalneB6x5c+mH/LEfTw8gM1XfEjj1LbKzMVK9OJuyf1Tv0ONmSbhhHPiLvBJ1oa
-qpGgPQ7wC6zX4A939k/mCOFmbJiuQAMMduHNOwDBh9KKfPTE+3myhlRRVTpCrKMh
-Ipq+FH7TB9RnQv+xS8d/fP8LBU7wiPfpZWbvP/31HZa+nKBesqWo0wEXcQmctF9B
-CsJTVCgyNN8prp5B2u7kix7/hOM/ToCSsaXYakEoMGeXFrJhtGE6mz0CE6m66xgq
-v5LGX3XyY7vZhto6aKzbnzPrlswgDViv+5cH+7n341f62FKe8mw=
-=lhbu
+klAkwA/8ChJECpIRk5gmCmKn1xNCzV659hqpFaLZqDxf5Gggj0CgwpILgPJXJBcs
+iMrFknc1+xchT8K7GtMVdQkXGrvMFcSha3JP1nGVnI8roHE8hZTNSuZgW8yUfHNa
+hbAMK8hI/Ztqtluvg/OreYBSUpoFNqs4tP1nqUg+3HNALyf/5+DinIHBEvVRJEnP
+9fwc8ZL80yQKGPlF/gq62LnxwqlwU+Mtr9LSJ5SaD6HReGyMxx2X0SQ1JZgvZx2P
+Ef5I2AX8nR+JQHREfAEo3lAhlPMgVEsMFGXGj2epNe+QWI0zIOrPzn3ytjngbGNE
++EjzF7WV068lgDHWigxHpQHIIVKb9ggr5DxtBoogAgh480cbPOoR+HZ6AhD9Wdj6
+OI43kL6kbFaDce+cpDYNrtw+3155SHxFFv1ypq/tFy2gu0ZRKnWQxvorOAo8FgxQ
+IACVnylDcaxZfOig3taRBbt28sjrnn+tI7QpxombxAtqMT53HUUgTGew41Np9Yeo
+rPvswffVjHHrbGBzhzF8sJdB+IvJ5fTkjrQIF8x74GfwIqfW4sUO8Ol3gLh6kCwo
+XqkvsYPIRs4Q5Z08MWXe6pahxEridUv1aUi6ReO5BXA82+nroUSmct0n7zxdNHda
+hSfH1r9EhH+8x/BoFDrIh/BPJAiSRIKuHKDphdobn8z431Kd/N8=
+=kkM7
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201806-01.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-01">
+  <title>GNU Wget: Cookie injection</title>
+  <synopsis>A vulnerablity in GNU Wget could allow arbitrary cookies to be
+    injected.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2018-06-13</announced>
+  <revised count="1">2018-06-13</revised>
+  <bug>655216</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.19.5</unaffected>
+      <vulnerable range="lt">1.19.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in GNU Wget’s resp_new function which
+      does not validate \r\n sequences in continuation lines.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could inject arbitrary cookie entry requests.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0494">CVE-2018-0494</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-12T02:50:06Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-06-13T20:52:56Z">irishluck83</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201806-02.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-02">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2018-06-13</announced>
+  <revised count="1">2018-06-13</revised>
+  <bug>656230</bug>
+  <bug>657564</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">30.0.0.113</unaffected>
+      <vulnerable range="lt">30.0.0.113</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-30.0.0.113"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4944">CVE-2018-4944</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4945">CVE-2018-4945</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5000">CVE-2018-5000</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5001">CVE-2018-5001</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5002">CVE-2018-5002</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-09T15:32:29Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-06-13T20:54:22Z">irishluck83</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201806-03.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-03">
+  <title>BURP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were discovered in BURP's Gentoo ebuild,
+    the worst of which could lead to root privilege escalation.
+  </synopsis>
+  <product type="ebuild">burp</product>
+  <announced>2018-06-13</announced>
+  <revised count="1">2018-06-13</revised>
+  <bug>628770</bug>
+  <bug>641842</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-backup/burp" auto="yes" arch="*">
+      <unaffected range="ge">2.1.32</unaffected>
+      <vulnerable range="lt">2.1.32</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A network backup and restore program.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s BURP ebuild does not properly set
+      permissions or place the pid file in a safe directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All BURP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-backup/burp-2.1.32"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18284">CVE-2017-18284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18285">CVE-2017-18285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-29T13:34:12Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-06-13T20:55:37Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201806-04.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-04">
+  <title>Quassel: Multiple vulnerabilities </title>
+  <synopsis>Multiple vulnerabilities have been found in Quassel, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">net-irc/quassel</product>
+  <announced>2018-06-14</announced>
+  <revised count="1">2018-06-14</revised>
+  <bug>653834</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/quassel" auto="yes" arch="*">
+      <unaffected range="ge">0.12.5</unaffected>
+      <vulnerable range="lt">0.12.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7
+      connectivity.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Quassel. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could cause arbitrary code execution or a Denial of
+      Service condition.
+    </p>
+    
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Quassel users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/quassel-0.12.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000178">
+      CVE-2018-1000178
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000179">
+      CVE-2018-1000179
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-06-05T01:35:09Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-06-14T02:22:47Z">irishluck83</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Sat, 02 Jun 2018 01:38:28 +0000
+Fri, 15 Jun 2018 14:08:24 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-e1eed7ae3b27f8139b508d9d14861c4437216138 1527689205 2018-05-30T14:06:45+00:00
+4cb84c65fba89ce4840b325b360cc5346c9677f2 1528942991 2018-06-14T02:23:11+00:00