# emerge --sync
- # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.15"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.15:2.7"
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-17.xml
new file mode 100644
index 0000000000..f561605e8c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-17.xml
@@ -0,0 +1,65 @@
+
+
+SDL_image is an image file library that loads images as SDL surfaces, + and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, + TGA, TIFF, XCF, XPM, and XV. +
+Multiple vulnerabilities have been discovered in SDL2_Image. Please + review the CVE identifiers referenced below for details. +
+A remote attacker, by enticing a user to process a specially crafted + image file, could execute arbitrary code, cause a Denial of Service + condition, or obtain sensitive information. +
+There is no known workaround at this time.
+All SDL2_Image users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/sdl2-image-2.0.4"
+
+ GD is a graphic library for fast image creation.
+Multiple vulnerabilities have been discovered in GD. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could entice a user to process a specially crafted + image, possibly resulting in execution of arbitrary code or a Denial of + Service condition. +
+There is no known workaround at this time.
+All GD users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gd-2.2.5-r2"
+
+ NASM is a 80x86 assembler that has been created for portability and + modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It + also supports a wide range of objects formats (ELF, a.out, COFF, etc), + and has its own disassembler. +
+Multiple vulnerabilities have been discovered in NASM. Please review the + CVE identifiers referenced below for details. +
+A remote attacker could cause a Denial of Service condition or execute + arbitrary code. +
+There is no known workaround at this time.
+All NASM users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/nasm-2.14.02"
+
+ cabextract is free software for extracting Microsoft cabinet files.
+ +libmspack is a portable library for some loosely related Microsoft + compression formats +
+Multiple vulnerabilities have been discovered in cabextract and + libmspack. Please review the CVE identifiers referenced below for + details. +
+Please review the referenced CVE’s for details.
+There is no known workaround at this time.
+All cabextract users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/cabextract-1.8"
+
+
+ All libmspack users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libmspack-0.8_alpha"
+
+ The Apache HTTP server is one of the most popular web servers on the + Internet. +
+Multiple vulnerabilities have been discovered in Apache. Please review + the CVE identifiers referenced below for details. +
+A remote attacker can possibly cause a Denial of Service condition or + could bypass mod_session_cookie expiration time. +
+There is no known workaround at this time.
+All Apache users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.38-r1"
+
+
+ Looks like an embeddable networking library but acts like a concurrency + framework +
+Please reference the CVE for details.
+Please reference the CVE for details.
+There is no known workaround at this time.
+All ZeroMQ users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.1"
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +
+Please review the referenced CVE identifiers and Google Chrome Releases + for details. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-73.0.3683.75"
+
+
+