bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-05.xml

@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-05">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">ffmpeg</product>
+  <announced>2017-05-09</announced>
+  <revised>2017-05-09: 1</revised>
+  <bug>608868</bug>
+  <bug>610810</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">3.2.4</unaffected>
+      <vulnerable range="lt">3.2.4</vulnerable>
+    </package>
+    <package name="media-plugins/gst-plugins-libav" auto="yes" arch="*">
+      <unaffected range="ge">1.10.4</unaffected>
+      <vulnerable range="lt">1.10.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+    
+    <p>gst-plugins-libav is affected because this package is bundling a
+      vulnerable FFmpeg version.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system using FFmpeg
+      to process a specially crafted file, resulting in the execution of
+      arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-3.2.4"
+    </code>
+    
+    <p>All gst-plugins-libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-plugins/gst-plugins-libav-1.10.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5024">CVE-2017-5024</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5025">CVE-2017-5025</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-07T18:51:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:30:37Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-06.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-06">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2017-05-09</announced>
+  <revised>2017-05-09: 1</revised>
+  <bug>611976</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      access restriction, access otherwise protected information, or spoof
+      content via multiple vectors.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-45.8.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-45.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5398">CVE-2017-5398</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5400">CVE-2017-5400</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5401">CVE-2017-5401</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5402">CVE-2017-5402</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5404">CVE-2017-5404</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5405">CVE-2017-5405</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5407">CVE-2017-5407</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5408">CVE-2017-5408</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5410">CVE-2017-5410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-26T01:32:17Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:36:09Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-07.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-07">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">thunderbird,mozilla</product>
+  <announced>2017-05-09</announced>
+  <revised>2017-05-09: 1</revised>
+  <bug>611954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">45.8.0</unaffected>
+      <vulnerable range="lt">45.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted email
+      or web page, could possibly execute arbitrary code with the privileges of
+      the process, cause a Denial of Service condition, spoof content or obtain
+      sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-45.8.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-45.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5398">CVE-2017-5398</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5400">CVE-2017-5400</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5401">CVE-2017-5401</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5402">CVE-2017-5402</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5404">CVE-2017-5404</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5405">CVE-2017-5405</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5407">CVE-2017-5407</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5408">CVE-2017-5408</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5410">CVE-2017-5410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-06T17:25:08Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:41:25Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-08.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-08">
+  <title>libav: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libav, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">libav</product>
+  <announced>2017-05-09</announced>
+  <revised>2017-05-09: 1</revised>
+  <bug>552320</bug>
+  <bug>571870</bug>
+  <bug>600706</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/libav" auto="yes" arch="*">
+      <unaffected range="ge">11.8</unaffected>
+      <vulnerable range="lt">11.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Libav is a complete solution to record, convert and stream audio and
+      video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libav. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file in an application linked against libav, possibly resulting in
+      execution of arbitrary code with the privileges of the application, a
+      Denial of Service condition or access the content of arbitrary local
+      files.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libav users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/libav-11.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395">CVE-2015-3395</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3417">CVE-2015-3417</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1897">CVE-2016-1897</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1898">CVE-2016-1898</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326">CVE-2016-2326</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3062">CVE-2016-3062</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T06:09:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-09T19:51:34Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-09.xml

@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-09">
+  <title>Apache Tomcat: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the
+    worst of which could lead to privilege escalation.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2017-05-18</announced>
+  <revised>2017-05-18: 1</revised>
+  <bug>575796</bug>
+  <bug>586966</bug>
+  <bug>595978</bug>
+  <bug>615868</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge">8.0.36</unaffected>
+      <unaffected range="ge">7.0.70</unaffected>
+      <vulnerable range="lt">8.0.36</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tomcat. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker may be able to cause a Denial of Service condition,
+      obtain sensitive information, bypass protection mechanisms and
+      authentication restrictions.
+    </p>
+    
+    <p>A local attacker, who is a tomcat’s system user or belongs to
+      tomcat’s group, could potentially escalate privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat users have to manually check their Tomcat runscripts
+      to make sure that they don’t use an old, vulnerable runscript. In
+      addition:
+    </p>
+    
+    <p>All Apache Tomcat 7 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.70:7"
+    </code>
+    
+    <p>All Apache Tomcat 8 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.0.36:8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5174">CVE-2015-5174</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5345">CVE-2015-5345</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5346">CVE-2015-5346</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5351">CVE-2015-5351</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0706">CVE-2016-0706</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0714">CVE-2016-0714</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0763">CVE-2016-0763</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1240">CVE-2016-1240</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3092">CVE-2016-3092</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8745">CVE-2016-8745</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5647">CVE-2017-5647</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5648">CVE-2017-5648</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5650">CVE-2017-5650</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5651">CVE-2017-5651</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-19T05:58:37Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-18T01:49:59Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-10.xml

@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-10">
+  <title>GStreamer plug-ins: User-assisted execution of arbitrary code</title>
+  <synopsis>Multiple vulnerabilities have been found in various GStreamer
+    plug-ins, the worst of which could lead to the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gstreamer,gst-plugins</product>
+  <announced>2017-05-18</announced>
+  <revised>2017-05-18: 1</revised>
+  <bug>600142</bug>
+  <bug>601354</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/gst-plugins-bad" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-good" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-base" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+    <package name="media-libs/gst-plugins-ugly" auto="yes" arch="*">
+      <unaffected range="ge">1.10.3</unaffected>
+      <vulnerable range="lt">1.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GStreamer plug-ins provide decoders to the GStreamer open source
+      media framework.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in various GStreamer
+      plug-ins. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user or automated system using a
+      GStreamer plug-in to process a specially crafted file, resulting in the
+      execution of arbitrary code or a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All gst-plugins-bad users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-bad-1.10.3:1.0"
+    </code>
+    
+    <p>All gst-plugins-good users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-good-1.10.3:1.0"
+    </code>
+    
+    <p>All gst-plugins-base users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-base-1.10.3:1.0"
+    </code>
+    
+    <p>All gst-plugins-ugly users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=media-libs/gst-plugins-ugly-1.10.3:1.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10198">
+      CVE-2016-10198
+    </uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10199">
+      CVE-2016-10199
+    </uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9445">CVE-2016-9445</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9446">CVE-2016-9446</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9447">CVE-2016-9447</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9634">CVE-2016-9634</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9635">CVE-2016-9635</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9636">CVE-2016-9636</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9807">CVE-2016-9807</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9808">CVE-2016-9808</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9809">CVE-2016-9809</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9810">CVE-2016-9810</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9811">CVE-2016-9811</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9812">CVE-2016-9812</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9813">CVE-2016-9813</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5837">CVE-2017-5837</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5838">CVE-2017-5838</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5839">CVE-2017-5839</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5840">CVE-2017-5840</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5841">CVE-2017-5841</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5842">CVE-2017-5842</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5843">CVE-2017-5843</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5844">CVE-2017-5844</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5845">CVE-2017-5845</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5846">CVE-2017-5846</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5847">CVE-2017-5847</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5848">CVE-2017-5848</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-07T18:49:56Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-05-18T02:03:55Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-11.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-11">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could allow for privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2017-05-26</announced>
+  <revised>2017-05-26: 1</revised>
+  <bug>615980</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.7.2-r1</unaffected>
+      <vulnerable range="lt">4.7.2-r1</vulnerable>
+    </package>
+    <package name="app-emulation/xen-tools" auto="yes" arch="*">
+      <unaffected range="ge">4.7.2</unaffected>
+      <vulnerable range="lt">4.7.2</vulnerable>
+    </package>
+    <package name="app-emulation/xen-pvgrub" auto="yes" arch="*">
+      <unaffected range="ge">4.7.2</unaffected>
+      <vulnerable range="lt">4.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers and Xen Security Advisory referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could potentially execute arbitrary code with
+      privileges of Xen (QEMU) process on the host, gain privileges on the host
+      system, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.7.2-r1:0"
+    </code>
+    
+    <p>All Xen Tools users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-tools-4.7.2:0"
+    </code>
+    
+    <p>All Xen pvgrub users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/xen-pvgrub-4.7.2:0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8903">CVE-2017-8903</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8904">CVE-2017-8904</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8905">CVE-2017-8905</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-11T07:53:09Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T06:07:35Z">BlueKnight</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-12.xml

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-12">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobe-flash</product>
+  <announced>2017-05-26</announced>
+  <revised>2017-05-26: 1</revised>
+  <bug>617968</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">25.0.0.171</unaffected>
+      <vulnerable range="lt">25.0.0.171</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-25.0.0.171 :22"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3068">CVE-2017-3068</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3069">CVE-2017-3069</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3070">CVE-2017-3070</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3071">CVE-2017-3071</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3072">CVE-2017-3072</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3073">CVE-2017-3073</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3074">CVE-2017-3074</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-11T07:37:48Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T06:07:53Z">BlueKnight</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-13.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-13">
+  <title>Teeworlds: Remote execution of arbitrary code on client</title>
+  <synopsis>Teeworlds client vulnerability in snap handling could result in
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">teeworlds</product>
+  <announced>2017-05-26</announced>
+  <revised>2017-05-26: 2</revised>
+  <bug>600178</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-action/teeworlds" auto="yes" arch="*">
+      <unaffected range="ge">0.6.4</unaffected>
+      <vulnerable range="lt">0.6.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Teeworlds is an online multi-player platform 2D shooter.</p>
+  </background>
+  <description>
+    <p>Teeworlds client contains a vulnerability allowing a malicious server to
+      execute arbitrary code, or write to arbitrary physical memory via the
+      CClient::ProcessServerPacket method.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote malicious server can write to arbitrary physical memory
+      locations and possibly execute arbitrary if a vulnerable client joins the
+      server.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Teeworlds users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-action/teeworlds-0.6.4:0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9400">CVE-2016-9400</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-09T06:08:59Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T06:22:30Z">BlueKnight</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-14.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-14">
+  <title>Smb4K: Arbitrary command execution as root</title>
+  <synopsis>A vulnerability in Smb4K could allow local attackers to execute
+    commands as root.
+  </synopsis>
+  <product type="ebuild">smb4k</product>
+  <announced>2017-05-26</announced>
+  <revised>2017-05-26: 2</revised>
+  <bug>618106</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/smb4k" auto="yes" arch="*">
+      <unaffected range="ge">1.2.3-r1</unaffected>
+      <vulnerable range="lt">1.2.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Smb4K is a SMB/CIFS (Windows) share browser for KDE.</p>
+  </background>
+  <description>
+    <p>Smb4k contains a logic flaw in which mount helper binary does not
+      properly verify the mount command it is being asked to run.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local user can execute commands with the root privilege due to the
+      mount helper being installed as suid.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Smb4K users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/smb4k-1.2.3-r1:4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8849">CVE-2017-8849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-12T04:22:20Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-05-26T12:18:57Z">BlueKnight</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-15.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-15">
+  <title>sudo: Privilege escalation</title>
+  <synopsis>A vulnerability in sudo allows local users to gain root privileges.</synopsis>
+  <product type="ebuild">sudo,privilege</product>
+  <announced>2017-05-30</announced>
+  <revised>2017-05-30: 1</revised>
+  <bug>620182</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-admin/sudo" auto="yes" arch="*">
+      <unaffected range="ge">1.8.20_p1</unaffected>
+      <vulnerable range="lt">1.8.20_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>sudo (su “do”) allows a system administrator to delegate authority
+      to give certain users (or groups of users) the ability to run some (or
+      all) commands as root or another user while providing an audit trail of
+      the commands and their arguments.
+    </p>
+  </background>
+  <description>
+    <p>Qualys discovered a vulnerability in sudo’s get_process_ttyname() for
+      Linux, that via sudo_ttyname_scan() can be directed to use a
+      user-controlled, arbitrary tty device during its traversal of “/dev”
+      by utilizing the world-writable /dev/shm.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker can pretend that his tty is any character device on the
+      filesystem, and after two race conditions, an attacker can pretend that
+      the controlled tty is any file on the filesystem allowing for privilege
+      escalation
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All sudo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.8.20_p1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000367">
+      CVE-2017-1000367
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-05-30T07:27:08Z">K_F</metadata>
+  <metadata tag="submitter" timestamp="2017-05-30T15:17:59Z">K_F</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Mon, 08 May 2017 18:09:03 +0000
+Wed, 31 May 2017 20:08:57 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-897a88bc971653dc30260f5432ee7d29adee1c07 1494188470 2017-05-07T20:21:10+00:00
+742dfe25646ca49d62bb5f6452a3600f934c798d 1496157625 2017-05-30T15:20:25+00:00