From c466ed4f477b522f0dd96eba652f3b2782b20105 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Mon, 23 Oct 2017 11:29:42 -0700
Subject: [PATCH 1/2] bump(metadata/glsa): sync with upstream

---
 .../metadata/glsa/glsa-201710-21.xml          |  50 +++++++
 .../metadata/glsa/glsa-201710-22.xml          |  51 +++++++
 .../metadata/glsa/glsa-201710-23.xml          |  55 ++++++++
 .../metadata/glsa/glsa-201710-24.xml          | 131 ++++++++++++++++++
 .../metadata/glsa/glsa-201710-25.xml          |  69 +++++++++
 .../metadata/glsa/glsa-201710-26.xml          | 114 +++++++++++++++
 .../metadata/glsa/glsa-201710-27.xml          |  68 +++++++++
 .../metadata/glsa/timestamp.chk               |   2 +-
 .../metadata/glsa/timestamp.commit            |   2 +-
 9 files changed, 540 insertions(+), 2 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-21.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-22.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-23.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-24.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-25.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-26.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-27.xml

diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-21.xml
new file mode 100644
index 0000000000..adb110274d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-21.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-21">
+  <title>Kodi: Arbitrary code execution </title>
+  <synopsis>An integer overflow vulnerability in Kodi could result in remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">kodi</product>
+  <announced>2017-10-22</announced>
+  <revised>2017-10-22: 1</revised>
+  <bug>622384</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-tv/kodi" auto="yes" arch="*">
+      <unaffected range="ge">17.3-r1</unaffected>
+      <vulnerable range="lt">17.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kodi is a free and open source media-center and entertainment hub
+      previously known as XBMC.
+    </p>
+  </background>
+  <description>
+    <p>Kodi is vulnerable due to shipping with an embedded version of UnRAR.
+      Please review the referenced CVE identifier for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specifically crafted
+      RAR file, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kodi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-tv/kodi-17.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-6706">CVE-2012-6706</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-18T03:54:48Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2017-10-22T00:24:12Z">jmbailey</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-22.xml
new file mode 100644
index 0000000000..c676b3f4ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-22">
+  <title>Adobe Flash Player: Remote execution of arbitrary code</title>
+  <synopsis>A vulnerability in Adobe Flash Player might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">adobeflash</product>
+  <announced>2017-10-22</announced>
+  <revised>2017-10-22: 1</revised>
+  <bug>634456</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">27.0.0.170</unaffected>
+      <vulnerable range="lt">27.0.0.170</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>A  critical type confusion vulnerability was discovered in Adobe Flash
+      Player.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-27.0.0.170"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11292">
+      CVE-2017-11292
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-16T21:42:03Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-10-22T00:27:40Z">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-23.xml
new file mode 100644
index 0000000000..cc6aa8ba3a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-23.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-23">
+  <title>Go: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Go, the worst of which
+    may result in the execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">go</product>
+  <announced>2017-10-23</announced>
+  <revised>2017-10-23: 1</revised>
+  <bug>632408</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/go" auto="yes" arch="*">
+      <unaffected range="ge">1.9.1</unaffected>
+      <vulnerable range="lt">1.9.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Go is an open source programming language that makes it easy to build
+      simple, reliable, and efficient software.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Go. Please review the
+      references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary Go commands or conduct a man in
+      the middle attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Go users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.9.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15041">
+      CVE-2017-15041
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15042">
+      CVE-2017-15042
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-16T22:06:50Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:03:41Z">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-24.xml
new file mode 100644
index 0000000000..4be2b2d87b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-24.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-24">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,chrome</product>
+  <announced>2017-10-23</announced>
+  <revised>2017-10-23: 1</revised>
+  <bug>634664</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.62</unaffected>
+      <vulnerable range="lt">62.0.3202.62</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">62.0.3202.62</unaffected>
+      <vulnerable range="lt">62.0.3202.62</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      content security controls, or conduct URL spoofing.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-62.0.3202.62"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-62.0.3202.62"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15386">
+      CVE-2017-15386
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15387">
+      CVE-2017-15387
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15388">
+      CVE-2017-15388
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15389">
+      CVE-2017-15389
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15390">
+      CVE-2017-15390
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15391">
+      CVE-2017-15391
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15392">
+      CVE-2017-15392
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15393">
+      CVE-2017-15393
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15394">
+      CVE-2017-15394
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15395">
+      CVE-2017-15395
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5124">
+      CVE-2017-5124
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5125">
+      CVE-2017-5125
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5126">
+      CVE-2017-5126
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5127">
+      CVE-2017-5127
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5128">
+      CVE-2017-5128
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5129">
+      CVE-2017-5129
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5130">
+      CVE-2017-5130
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5131">
+      CVE-2017-5131
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5132">
+      CVE-2017-5132
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5133">
+      CVE-2017-5133
+    </uri>
+    <uri link="https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html">
+      Google Chrome Releases
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-20T19:48:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:10:56Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-25.xml
new file mode 100644
index 0000000000..b21d81a002
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-25.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-25">
+  <title>PCRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the PCRE Library, the
+    worst of which may allow remote attackers to cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">libpcre</product>
+  <announced>2017-10-23</announced>
+  <revised>2017-10-23: 1</revised>
+  <bug>614048</bug>
+  <bug>614052</bug>
+  <bug>614054</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libpcre" auto="yes" arch="*">
+      <unaffected range="ge">8.41</unaffected>
+      <vulnerable range="lt">8.41</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The PCRE Library provides functions for Perl-compatible regular
+      expressions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in The PCRE Library.
+      Please review the references below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition or
+      other unspecified impacts via a specially crafted file.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-8.41"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying some of these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7186">
+      CVE-2017-7186
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7244">
+      CVE-2017-7244
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7245">
+      CVE-2017-7245
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7246">
+      CVE-2017-7246
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-18T23:44:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:19:24Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-26.xml
new file mode 100644
index 0000000000..ecbdd99167
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-26.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-26">
+  <title>OpenJPEG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
+    which may allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">openjpeg</product>
+  <announced>2017-10-23</announced>
+  <revised>2017-10-23: 1</revised>
+  <bug>602180</bug>
+  <bug>606618</bug>
+  <bug>628504</bug>
+  <bug>629372</bug>
+  <bug>629668</bug>
+  <bug>630120</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openjpeg" auto="yes" arch="*">
+      <unaffected range="ge" slot="2">2.3.0</unaffected>
+      <vulnerable range="lt" slot="2">2.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
+      the references below for details.
+    </p>
+    
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, via a crafted BMP, PDF, or j2k document, could
+      execute arbitrary code, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJPEG users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-2.3.0:2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10504">
+      CVE-2016-10504
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10505">
+      CVE-2016-10505
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10506">
+      CVE-2016-10506
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10507">
+      CVE-2016-10507
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626">
+      CVE-2016-1626
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628">
+      CVE-2016-1628
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9112">
+      CVE-2016-9112
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9113">
+      CVE-2016-9113
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9114">
+      CVE-2016-9114
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9115">
+      CVE-2016-9115
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9116">
+      CVE-2016-9116
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9117">
+      CVE-2016-9117
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9118">
+      CVE-2016-9118
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9572">
+      CVE-2016-9572
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9573">
+      CVE-2016-9573
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9580">
+      CVE-2016-9580
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9581">
+      CVE-2016-9581
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12982">
+      CVE-2017-12982
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14039">
+      CVE-2017-14039
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14164">
+      CVE-2017-14164
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-22T00:00:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:39:09Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-27.xml
new file mode 100644
index 0000000000..489a0d9e00
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201710-27.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201710-27">
+  <title>Dnsmasq: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dnsmasq, the worst of
+    which may allow remote attackers to execute arbitrary code.
+    
+  </synopsis>
+  <product type="ebuild">dnsmasq</product>
+  <announced>2017-10-23</announced>
+  <revised>2017-10-23: 1</revised>
+  <bug>632692</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/dnsmasq" auto="yes" arch="*">
+      <unaffected range="ge">2.78</unaffected>
+      <vulnerable range="lt">2.78</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review
+      the references below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary code or cause a Denial of
+      Service condition via crafted DNS, IPv6, or DHCPv6 packets.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dnsmasq users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/dnsmasq-2.78"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491">
+      CVE-2017-14491
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492">
+      CVE-2017-14492
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493">
+      CVE-2017-14493
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494">
+      CVE-2017-14494
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495">
+      CVE-2017-14495
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496">
+      CVE-2017-14496
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-10-22T23:49:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2017-10-23T01:46:04Z">chrisadr</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index 81719f848a..6b302d3bf2 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 18 Oct 2017 18:39:05 +0000
+Mon, 23 Oct 2017 17:39:28 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
index 5e2249358c..350c70c794 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-8c9b32528b910251b1fe3992838c97ba223db5d7 1508289507 2017-10-18T01:18:27+00:00
+3c64211d24fa5a633310d841c0bd5cddc991cc02 1508723227 2017-10-23T01:47:07+00:00

From 39a3e3b8901af6c80ae54864e336200ad5104514 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Mon, 23 Oct 2017 11:30:27 -0700
Subject: [PATCH 2/2] bump(dev-libs/libpcre): sync with upstream

---
 .../portage-stable/dev-libs/libpcre/Manifest  |   8 +-
 ...-8.41-sljit_mips-label-statement-fix.patch |  15 +++
 .../dev-libs/libpcre/libpcre-8.41.ebuild      | 103 ++++++++++++++++++
 .../metadata/md5-cache/dev-libs/libpcre-8.41  |  14 +++
 4 files changed, 133 insertions(+), 7 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpcre/files/libpcre-8.41-sljit_mips-label-statement-fix.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpcre/libpcre-8.41.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/libpcre-8.41

diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/Manifest
index ab0568f2ac..7d801d1c0e 100644
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/Manifest
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/Manifest
@@ -1,8 +1,2 @@
-AUX libpcre-8.40-jit-else.patch 2149 SHA256 a6fb7e204a0a33c12c89983f57f8548998b52137f7964a809c5b6031e37d6829 SHA512 d1d8e7c689402bad4ac26785e1a642978a6e76f83f69d4df251fb7b88108106292f73a43c6f476c226a45ccfab008283f269128e3631930b0f5490b2f46e3b48 WHIRLPOOL 35a3593928463bc3fb8c3c51cb110547fbd55be894d968b0569afcac17a5f268d2347be187d267c58f302f60aa7a00df80d72524a99cb8c6b4491b0a7725e9c2
-AUX libpcre-8.40-pcregrep-multiline-1.patch 2688 SHA256 6bc091de8df6715c9cdea6b65d3050112b032915e24e12d5d440434b11d4032a SHA512 c7095a8034db6896c1457e7950a15c00ffd7c08dc29f07ca83e46db63209d42c87e808f328bd2eaaaed0fe4038575629b8e64fa77b4c249ca938fc83415bbe28 WHIRLPOOL 87ae705b53a3227f297cec1036301be32687c02c8b44131b62994663fb2cf2cc0c92c1968627f1238f1985a92a660ccebacc0eda4e05ac315a4672c5b89ab3fa
-AUX libpcre-8.40-pcregrep-multiline-2.patch 803 SHA256 01d27d72071e1fc5e90db5da2795b61b19e519097200b891979b02a63222b5ed SHA512 aae538dcf871618d00e9994ab1fd973f491075fc852c45aedd6e99ffd6726aabc9f93fff3e5aebbc1869fd2dd85d6d24f0eded075df857991b0457ca797a25fd WHIRLPOOL 7dc104231878dad7a51a2d0fd95711002780a6c6190af15facda78595ac93befeb0f63c02315a1c528dd2aac7ef17727a5fed0af0fe996f6a0158ea380ffd0e4
 DIST pcre-8.40.tar.bz2 1560119 SHA256 00e27a29ead4267e3de8111fcaa59b132d0533cdfdbdddf4b0604279acbcf4f4 SHA512 b4c27eafbdf33bd7a1384655b1936f4be3bc6745c072347eb26e988896c52664bd85ac42444da1be78b6e20f45b6c7e5921f5f20f5b0741b5bd3d9844e5bd4e2 WHIRLPOOL 6711688972b3db4b98902d548b84e8b03b61c3a12d24a4e42fc49ddc5e2b4be51f98f91873166e550866e88b6cd55092ea27704a3b7e71d58a2af21148ad3340
-EBUILD libpcre-8.40-r1.ebuild 2849 SHA256 71b6ae4b11f222072bf9776f4e701cd17e7819b82ce58d62c65a6380fa87f364 SHA512 b6969ee98be6c15c5e698a03c78956159f147a08fa9646711e75122ebae03df3e154d8a394a033a70ac2d5658b02b67626396433993639491b8753cc03fdd02f WHIRLPOOL 99012339d40a2857e83602e58b7b23f89d9385537df57a84b9ff38492ea443d48445d1151c9a442debee19e3fcfda14ae66ac11c50c702640ef18afc05dc8252
-MISC ChangeLog 9358 SHA256 6d71cdef5ca28f5d0c3af958daa73122d374a64088bf960961f9eec235572595 SHA512 ad1c6ff26e6198bda9f8c5d31d03a5337b0bd7c620f564b31b98117982d12677426ec4d703325028c44ea371dc15c3b2530d0c91ccd9e8b40b5710761a2e7ef0 WHIRLPOOL c8f1726ad29d83ee380eeeaae0a385a7de8db1e99751357bbf59dcf0af751e4f6ddb8f88d836dda0d0d6e132ef4db126fa3e64610491ceadce550b3017b2ee5d
-MISC ChangeLog-2015 35335 SHA256 dfdfc43bcff86898d74db532baf46e6d88c70a3e62e82ceab69c285934f802b5 SHA512 94411b185f75967d240777124272d04b13f3cb3e43de6f751baa9944e07086f9fa2972e4854514fb39f85d69422a07fd1ee1cc7fc587dacf54b777bdf68439ea WHIRLPOOL ec71b8c06e85b5ec0a4040def4447e6aa2589bbaf9bd4b5d7479a2b968357a2b5c4a30e7c2739bd1b4607e074cdc9d15e0f730ed1a69cb936d514056d53578e0
-MISC metadata.xml 1112 SHA256 fa2a7f9e7f1ee1c432907cbc5cc0dd23f9636b5f4c51836dbcdbf24f72975c2a SHA512 eb7e2db9932c108442e69bd3ddf04d8d753dede44f7453b1fa33730ec9cda89e618f4444a0adf3f9e7d09baf8c97ff19831906ad7148a26674269f1efd427e6b WHIRLPOOL 7b675f34fbd1f58f42d7ad5c4e39e1d80922474624047165b30d85ecdbbffd1246d68b0dad4d7553c0d2fc900249e3425fc04f9b3821f189b30ebb2d2615dbad
+DIST pcre-8.41.tar.bz2 1561874 SHA256 e62c7eac5ae7c0e7286db61ff82912e1c0b7a0c13706616e94a7dd729321b530 SHA512 cc9cdbeb98c010fe4f093a019bebfb91965dae4c6a48f8e49c38ec8df7d9da7f0d32c12fc58f22c51f1c2f010e72b65bcbf8bbf180060e93edf464fa9a7c3551 WHIRLPOOL 24d891c4f6580af20aa07a166038a2bacb52cdb305987f8b91b2fecae65e7b5277d3ef0b26ddbb3a33fd34794e6340e77df6a321e770b3aca4393d1ed144cf64
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/files/libpcre-8.41-sljit_mips-label-statement-fix.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/files/libpcre-8.41-sljit_mips-label-statement-fix.patch
new file mode 100644
index 0000000000..0494ccc25e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/files/libpcre-8.41-sljit_mips-label-statement-fix.patch
@@ -0,0 +1,15 @@
+diff -Naurp pcre-8.41.orig/sljit/sljitNativeMIPS_common.c pcre-8.41/sljit/sljitNativeMIPS_common.c
+--- pcre-8.41.orig/sljit/sljitNativeMIPS_common.c	2017-05-07 11:32:25.000000000 -0400
++++ pcre-8.41/sljit/sljitNativeMIPS_common.c	2017-07-29 17:50:24.508909742 -0400
+@@ -503,9 +503,11 @@ SLJIT_API_FUNC_ATTRIBUTE sljit_s32 sljit
+ #ifdef SLJIT_IS_FPU_AVAILABLE
+ 		return SLJIT_IS_FPU_AVAILABLE;
+ #elif defined(__GNUC__)
++	{
+ 		sljit_sw fir;
+ 		asm ("cfc1 %0, $0" : "=r"(fir));
+ 		return (fir >> 22) & 0x1;
++	}
+ #else
+ #error "FIR check is not implemented for this architecture"
+ #endif
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/libpcre-8.41.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/libpcre-8.41.ebuild
new file mode 100644
index 0000000000..96c3c8993d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre/libpcre-8.41.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils multilib libtool flag-o-matic toolchain-funcs multilib-minimal
+
+DESCRIPTION="Perl-compatible regular expression library"
+HOMEPAGE="http://www.pcre.org/"
+MY_P="pcre-${PV/_rc/-RC}"
+if [[ ${PV} != *_rc* ]] ; then
+	# Only the final releases are available here.
+	SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
+		ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${MY_P}.tar.bz2"
+else
+	SRC_URI="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/${MY_P}.tar.bz2"
+fi
+
+LICENSE="BSD"
+SLOT="3"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 +cxx +jit libedit pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib"
+REQUIRED_USE="readline? ( !libedit )
+	libedit? ( !readline )"
+
+RDEPEND="
+	bzip2? ( app-arch/bzip2 )
+	zlib? ( sys-libs/zlib )
+	libedit? ( dev-libs/libedit )
+	readline? ( sys-libs/readline:0= )
+"
+DEPEND="
+	${RDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="
+	${RDEPEND}
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20131008-r2
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)
+"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/pcre-config
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-8.41-sljit_mips-label-statement-fix.patch
+)
+
+src_prepare() {
+	epatch "${PATCHES[@]}"
+	sed -i -e "s:-lpcre ::" libpcrecpp.pc.in || die
+	elibtoolize
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--with-match-limit-recursion=$(usex recursion-limit 8192 MATCH_LIMIT)
+		$(multilib_native_use_enable bzip2 pcregrep-libbz2)
+		$(use_enable cxx cpp)
+		$(use_enable jit) $(use_enable jit pcregrep-jit)
+		$(use_enable pcre16)
+		$(use_enable pcre32)
+		$(multilib_native_use_enable libedit pcretest-libedit)
+		$(multilib_native_use_enable readline pcretest-libreadline)
+		$(use_enable static-libs static)
+		$(use_enable unicode utf) $(use_enable unicode unicode-properties)
+		$(multilib_native_use_enable zlib pcregrep-libz)
+		--enable-pcre8
+		--enable-shared
+		--htmldir="${EPREFIX}"/usr/share/doc/${PF}/html
+		--docdir="${EPREFIX}"/usr/share/doc/${PF}
+	)
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
+}
+
+multilib_src_install() {
+	emake \
+		DESTDIR="${D}" \
+		$(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \
+		install
+	gen_usr_ldscript -a pcre
+}
+
+multilib_src_install_all() {
+	prune_libtool_files
+}
+
+pkg_preinst() {
+	preserve_old_lib /$(get_libdir)/libpcre.so.0
+}
+
+pkg_postinst() {
+	preserve_old_lib_notify /$(get_libdir)/libpcre.so.0
+}
diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/libpcre-8.41 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/libpcre-8.41
new file mode 100644
index 0000000000..2fbc6a51c0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/libpcre-8.41
@@ -0,0 +1,14 @@
+DEFINED_PHASES=compile configure install postinst preinst prepare test
+DEPEND=bzip2? ( app-arch/bzip2 ) zlib? ( sys-libs/zlib ) libedit? ( dev-libs/libedit ) readline? ( sys-libs/readline:0= ) virtual/pkgconfig >=app-portage/elt-patches-20170317
+DESCRIPTION=Perl-compatible regular expression library
+EAPI=5
+HOMEPAGE=http://www.pcre.org/
+IUSE=bzip2 +cxx +jit libedit pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
+LICENSE=BSD
+RDEPEND=bzip2? ( app-arch/bzip2 ) zlib? ( sys-libs/zlib ) libedit? ( dev-libs/libedit ) readline? ( sys-libs/readline:0= ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20131008-r2 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )
+REQUIRED_USE=readline? ( !libedit ) libedit? ( !readline )
+SLOT=3
+SRC_URI=mirror://sourceforge/pcre/pcre-8.41.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.tar.bz2
+_eclasses_=epatch	8233751dc5105a6ae8fcd86ce2bb0247	estack	43ddf5aaffa7a8d0482df54d25a66a1f	eutils	9c113d6a64826c40154cad7be15d95ea	flag-o-matic	61cad4fb5d800b29d484b27cb033f59b	libtool	e32ea84bf82cf8987965b574672dba93	ltprune	2770eed66a9b8ef944714cd0e968182e	multibuild	72647e255187a1fadc81097b3657e5c3	multilib	97f470f374f2e94ccab04a2fb21d811e	multilib-build	eed53a6313267c9fbcd35fc384bd0087	multilib-minimal	9139c3a57e077cb8e0d0f73ceb080b89	toolchain-funcs	8fec6b1eb195836560e70b66d98fb163
+_md5_=bde35f1dcc4a5e53f04a823647821fad