bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 442809 BLAKE2B 4b7b795575911222fd7fe1e9f9900ced88b7957d15e08d5881ee7e2c91f556beb375085e3842469d53d9c216f6709039908e138283d8726731c25b7aa33c7861 SHA512 ad93d050cf3a9d3cfb5dbce463c01bff4a31f205a3d2773382f89e603197645720db7bb4b45496d26f019ef9161b89ce5d0e4aacd87f89dff11d9c1126c34c46
-TIMESTAMP 2019-04-25T12:38:57Z
+MANIFEST Manifest.files.gz 443284 BLAKE2B 24919ac10412f9b00a154077aa3622b6287002f3ca6c6ce41b9dc188e5a3fbe6270e9e94c4d7b17f66e6e4d6cad9250e459897ed52412efbc9dcf09ef673d16e SHA512 fa2eb00f68c25c2fbc1cebc5a053e0da1e8a554cb5db4bf38187ca24071873c7fdf6659c6bb2f5a4c74c591043d21a65999f7ff50b5d2e61317903c2e7499822
+TIMESTAMP 2019-08-03T15:09:02Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlzBqmFfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1Fo45fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBddRAApp+I8/ZRSb23UWFHzE3qFH1Ai+R4R0KWeJjJG/tG3Sv8iLIWaHES/VIz
-06VSmJfuVZNrvQM/O3e93q/7RIne7Zc6f1Xu+dZ/khadIw+A47t/3CG1n85s9VxA
-G8sm6qNjMvfZtkXC/12JyzdkA87RDLkVXO/emVVXlsDomC35qCd6ZhYRpcoCLl/C
-dLh0UT12lbacJPOby5Q0MSNQgJ+1hFltwZ1ltQ4ATYMpFguX6f0RU1nhYv4E8hM1
-ABNqLpQbFWhHUxmYgNK5hN7M7SMMgOIYVvpRof4RwNF+kay5JVkTnCDdayErAjkd
-0A+aL/zatDXx1HyYjVRh39lKnw7aukQyyNzn6N+jpznsVvb8BJvhsiTl1h46134l
-a/RPfS4MwDH9fZHtwraZloR59BUTKYzuKie/pfMIdL/tPTAPqCeCSiDG9PROwIcV
-pz/fC6oXQYf/qZbIJOr6Z8jFE5dp4CSY3ubKEBKWY/NMthZ7z3gmofiUUvNAibzi
-1/1hOF0vVhND9yfF7p9mQxbBBO498xfhqSPAGYYct+XgWSVcPWzIm73f7p5kznxM
-D10IcXPwWsmX4e9iqu1vS1NNmxHH6lNDbLx+uIBDnlZL8rJ0GfMmHgKgBo4v+K8A
-x0SE72Ocl9O0524GhNk0lD9SsxsrRrdcsMj8T9LuSwrxMJIZIFI=
-=GeEM
+klAmfw//WiUkJtGO6f70EEkJWmF+jMQG+j1EynZt7Pf7AqyiwiOXiIC8kEG+oJSO
+DpE/0uzCgDFiwl2IXcjLVU06Dhsl+FhGr1yi3hvnBBmzealhObW114A6J/3T0Xig
+pheXUGPWCbPpTiPb51Xf+ZuAemzMlL40FzNLH/jZWnStBSucmWuBOZXvZgtR6Kvd
+39oT/xte46BpJzddJ3npX8aLOI03p42YGlfw3R3zI0KTrYtIWlq+5Ebjxput5H2d
+eZb0azrM07TwyLTpwqkKNwfmAFrrFT0B+b1zsiE20hwEmo1+0o3daHcLjEAblwee
+DeSKntSg7PDvWE8vwCPNFnmnbBw78gpC0bidRcv+z48vv6+GPGoBaDcBiozAa+x1
+OVENHoztc08j1Lv9FJqTJx0yPLnQsie9R5x4C92rFqOyKPDlUGEw0aQweWoQQBOD
+ls4q9XV9P3wc+pilTrzxEo/2Yu1J3AHCI3TsQ4ZZjPgK+WPkRZeyeqEM/Yp4450j
+/K/Dc47XXr2NiHxQMkf0Ytm/IatVemhntzdovKTNzoPqKiSsI3NwNvxNRb4pV3SI
+xTpM/ildMGEAy2X6KDHk6U8+FQjXIuy2Mn007qkPzGMxAPY9wC1l8/KL/tC7usJ3
+0JsXCUW/zHLdoLR3O99fPKI+u7W+Rrn5zWpUQ9xQQgTJ0p/8uek=
+=Omq0
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201906-01.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201906-01">
+  <title>Exim: Remote command execution</title>
+  <synopsis>A vulnerability in Exim could allow a remote attacker to execute
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2019-06-06</announced>
+  <revised count="1">2019-06-06</revised>
+  <bug>687336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92</unaffected>
+      <vulnerable range="lt">4.92</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in how Exim validates recipient addresses
+      in the deliver_message() function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary commands by sending an email
+      with a specially crafted recipient address to the affected system.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10149">CVE-2019-10149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-06-05T17:30:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-06-06T17:27:59Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-01.xml

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-01">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which may allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2019-08-03</announced>
+  <revised count="1">2019-08-03</revised>
+  <bug>672904</bug>
+  <bug>672910</bug>
+  <bug>674668</bug>
+  <bug>682698</bug>
+  <bug>682702</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.32-r1</unaffected>
+      <vulnerable range="lt">2.32-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the referenced CVE identifiers for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to compile/execute a specially
+      crafted ELF, object, PE, or binary file, could possibly cause a Denial of
+      Service condition or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.32-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10372">CVE-2018-10372</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10373">CVE-2018-10373</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10534">CVE-2018-10534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10535">CVE-2018-10535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12641">CVE-2018-12641</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12697">CVE-2018-12697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12698">CVE-2018-12698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12699">CVE-2018-12699</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12700">CVE-2018-12700</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13033">CVE-2018-13033</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19931">CVE-2018-19931</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19932">CVE-2018-19932</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20002">CVE-2018-20002</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20651">CVE-2018-20651</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-29T23:24:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-03T11:22:15Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-02.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-02">
+  <title>libpng: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libpng, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libpng</product>
+  <announced>2019-08-03</announced>
+  <revised count="1">2019-08-03</revised>
+  <bug>683366</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libpng" auto="yes" arch="*">
+      <unaffected range="ge" slot="0">1.6.37</unaffected>
+      <vulnerable range="lt" slot="0">1.6.37</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libpng is a standard library used to process PNG (Portable Network
+      Graphics) images. It is used by several programs, including web browsers
+      and potentially server processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libpng. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted PNG
+      file, could cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libpng users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libpng-1.6.37"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14048">CVE-2018-14048</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14550">CVE-2018-14550</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7317">CVE-2019-7317</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-27T06:35:05Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-08-03T11:26:12Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Thu, 25 Apr 2019 12:38:53 +0000
+Sat, 03 Aug 2019 15:08:59 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-42c9d977ba183a5bc173b70ad145977fc6705eda 1556150376 2019-04-24T23:59:36+00:00
+0228c86b4f0e69207e66dbe5822dd7411fb99b01 1564831599 2019-08-03T11:26:39+00:00