bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 437750 BLAKE2B e4c6b7d5ec709b50478a92e61fd043c3784eb62915f4d39921a1c91a36627c315752406124b99ad4af39a3380f0f1c4b9ccabb34323d36427251a04d374298bd SHA512 31716069b15e65375ed6e961b9459069e7ce8ef8e807f89b733a3fd83d7d24cc1a5166f4e9df1134d130ee61e231e8958fee715eba64b4e57349f5a4b6f22879
+MANIFEST Manifest.files.gz 438854 BLAKE2B ca65213463786d39d41485af7ea84eff3024cf674a90349e25e12c216efcd63b50848be0dd7fb7c54db79b6279385d7b09488386ffd96909db99671090ea4f08 SHA512 6572d8ad2e9aad4fbe11ff52d8aa91113cb87e207974cdb6aa98101ae4a50b77b173f68eba733267e1a109e70f86139ed901b5a4ee05472f22a8d3024aa9acb5
-TIMESTAMP 2019-03-20T14:08:40Z
+TIMESTAMP 2019-03-28T13:38:46Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlySSWhfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyczmZfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAGHBAAie17TMYJuUaFIcborhrkjUGykwyzXp3d/RBt9kjIZFoqDAHjYD5+Wlet
+klDYWhAAo1sblmnGYIlx9TtDfDwZAhcScB0WxacZHB1VfQlHTv99u5+rtGZHRbrS
-xi0aBUzYmWx2HGuW0DpKGr6Wa4vDktJKY+hNI4rocY1WdNxXtQiw7eKLlbKgYXFy
+OgsjKvrvHGyAdL11mOncCxusWKLMICEbukgv9bAwPDSe4ZJssgCA6dWBlKqs08rD
-f/9ylhxNKUeh72Cak1yNUDarC5B8MJGyNp5vrU4TUPs6mJNd/fbbXyhISOwvbRmU
+9T+xcGop/7L9hOOOjRCkjp5oiT11XT1QO3CmxCAudvBGWL3warElsl0NqXlR3pQU
-zHwgtFrVRVYuGlT/BC3ZNp2tAp8aiTOa9su63eFJF3Mk4Qm9wgYaT+2+wXuMxt8y
+2wFHj1VjlN5TZ3aAKx327N+TO4PzV7OI4IXz1F1I40H3o7df4k1QA01QMKwqngov
-CWy3yazdUQnsKOEJ2Uk1r71Khb/k/4uFgTgQli/QBFIgNAXOk6kozHuQE1DLvoue
+fcVUpuCaS6j+szZg/34On/eGqL6P3Zlgi2nA1Bj/L39DoCRzzdsWo50qhD8ckApa
-nHFuf32luDHqZ1k6uhRjQC8QHXCXSeooBvoph+J/ppRB9KmBs0mLGzIMOa3iJ8ti
+VLVqL7mur7j8h0Q4cStu/7F0H66cEpqEvRfiEv6eMEQ2QWPoGWTI3lo+Rmoz3QC/
-um4W2huqGWhwakx0zTS3Hj+udcGIHKmq7ynSD2JCclAX0Y1L4feGLr6Q5XuTEnTN
+fIrCsAWMxWIZCNbtSdDLKklhPFsDcTFyBpUF1ZBS0oFWkQioK8BWvs0A5w/sLVL1
-KlCmYKL4UQOHKhgZMhz9LqteWjQc40kZbC2dXldFg/xMMEeIdFMVVz/QgQxUHX9b
+sat5Apk1ygCTeeeX8KBQizu3I6uKco17SqihcAwRHooCJuNPAPRxM9lbpWiQ+PPE
-vyXkluS7I8GnzBf2BhhJdUIu9gCuILL/c+sk7YYvNZp4mmTe6/JzYxlBJHVQsq9+
+C+w0MSbDD77Vq89+BKo8eA/LGvaIn4pfV+39ijhhsEIWmv/RjXMr9noKkID8wTAK
-rDUwCLFNftc+u5tDDjLprrJXJK2Fq25wGTISLIs+nvrJsx+h5mcydHq/e40dN6UM
+Dfe2HY9P/o6zhziXpiskTN8hk5ootmODbC3jAPOAfLqQeDIHyTXN+bYKpVtZCFh7
-syOsTDuxkNwClqxLKgBjWeHO0AM6orLLN2mA61rR9z3mkWHwhoE=
+lWdqHx9+3V3xlcBrW8MDxMq0Gpghcc0eCLPx3kSHYzgoXvi3ZPg=
-=dL/y
+=0j+W
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201401-04.xml

@@ -17,23 +17,10 @@
   <access>remote</access>
   <affected>
     <package name="dev-lang/python" auto="yes" arch="*">
-      <unaffected range="rge">3.2.5-r1</unaffected>
+      <unaffected range="ge">3.2.5-r1</unaffected>
-      <unaffected range="rge">2.6.8</unaffected>
+      <unaffected range="ge">2.6.8</unaffected>
-      <unaffected range="rge">2.7.3-r1</unaffected>
+      <unaffected range="ge">2.7.3-r1</unaffected>
       <unaffected range="ge">3.3.2-r1</unaffected>
-      <unaffected range="rge">2.6.9</unaffected>
-      <unaffected range="rge">2.7.4</unaffected>
-      <unaffected range="rge">2.7.5</unaffected>
-      <unaffected range="rge">2.7.6</unaffected>
-      <unaffected range="rge">2.7.7</unaffected>
-      <unaffected range="rge">2.7.8</unaffected>
-      <unaffected range="rge">2.7.9</unaffected>
-      <unaffected range="rge">2.7.10</unaffected>
-      <unaffected range="rge">2.7.11</unaffected>
-      <unaffected range="rge">2.7.12</unaffected>
-      <unaffected range="rge">2.7.13</unaffected>
-      <unaffected range="rge">2.7.14</unaffected>
-      <unaffected range="rge">2.7.15</unaffected>
       <vulnerable range="lt">3.3.2-r1</vulnerable>
     </package>
   </affected>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201503-10.xml

@@ -19,13 +19,7 @@
   <affected>
     <package name="dev-lang/python" auto="yes" arch="*">
       <unaffected range="ge">3.3.5-r1</unaffected>
-      <unaffected range="rge">2.7.9-r1</unaffected>
+      <unaffected range="ge">2.7.9-r1</unaffected>
-      <unaffected range="rge">2.7.10</unaffected>
-      <unaffected range="rge">2.7.11</unaffected>
-      <unaffected range="rge">2.7.12</unaffected>
-      <unaffected range="rge">2.7.13</unaffected>
-      <unaffected range="rge">2.7.14</unaffected>
-      <unaffected range="rge">2.7.15</unaffected>
       <vulnerable range="lt">3.3.5-r1</vulnerable>
     </package>
   </affected>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-02.xml

@@ -12,8 +12,8 @@
   <access>remote</access>
   <affected>
     <package name="dev-lang/python" auto="yes" arch="*">
-      <unaffected range="ge">2.7.15</unaffected>
+      <unaffected range="ge" slot="2.7">2.7.15</unaffected>
-      <vulnerable range="lt">2.7.15</vulnerable>
+      <vulnerable range="lt" slot="2.7">2.7.15</vulnerable>
     </package>
   </affected>
   <background>
@@ -39,7 +39,7 @@
     
     <code>
       # emerge --sync
-      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15"
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15:2.7"
     </code>
     
   </resolution>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-17.xml

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-17">
+  <title>SDL2_Image: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the image loading
+    library
+    for Simple DirectMedia Layer, the worst of which could result in the remote
+    execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">sdl_image</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>655226</bug>
+  <bug>674132</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/sdl2-image" auto="yes" arch="*">
+      <unaffected range="ge">2.0.4</unaffected>
+      <vulnerable range="lt">2.0.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SDL_image is an image file library that loads images as SDL surfaces,
+      and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM,
+      TGA, TIFF, XCF, XPM, and XV.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SDL2_Image. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to process a specially crafted
+      image file, could execute arbitrary code, cause a Denial of Service
+      condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SDL2_Image users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/sdl2-image-2.0.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12122">CVE-2017-12122</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14440">CVE-2017-14440</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14441">CVE-2017-14441</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14442">CVE-2017-14442</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14448">CVE-2017-14448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14449">CVE-2017-14449</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14450">CVE-2017-14450</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3837">CVE-2018-3837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3838">CVE-2018-3838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3839">CVE-2018-3839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3977">CVE-2018-3977</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-02T21:13:59Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:06:35Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-18.xml

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-18">
+  <title>GD: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GD, the worst of which
+    could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">gd</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>664732</bug>
+  <bug>679702</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/gd" auto="yes" arch="*">
+      <unaffected range="ge">2.2.5-r2</unaffected>
+      <vulnerable range="lt">2.2.5-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GD is a graphic library for fast image creation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GD. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      image, possibly resulting in execution of arbitrary code or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/gd-2.2.5-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000222">
+      CVE-2018-1000222
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5711">CVE-2018-5711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6977">CVE-2019-6977</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6978">CVE-2019-6978</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T05:25:03Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:09:10Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-19.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-19">
+  <title>NASM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in NASM, the worst of
+    which could result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">nasm</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>635358</bug>
+  <bug>659550</bug>
+  <bug>670884</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/nasm" auto="yes" arch="*">
+      <unaffected range="ge">2.14.02</unaffected>
+      <vulnerable range="lt">2.14.02</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>NASM is a 80x86 assembler that has been created for portability and
+      modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It
+      also supports a wide range of objects formats (ELF, a.out, COFF, etc),
+      and has its own disassembler.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in NASM. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could cause a Denial of Service condition or execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NASM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/nasm-2.14.02"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10686">CVE-2017-10686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11111">CVE-2017-11111</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14228">CVE-2017-14228</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T04:10:57Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:11:39Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-20.xml

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-20">
+  <title>cabextract, libmspack: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cabextract and
+    libmspack, the worst of which could result in a Denial of Service.
+  </synopsis>
+  <product type="ebuild">cabextract, libmspack</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>662874</bug>
+  <bug>669280</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/cabextract" auto="yes" arch="*">
+      <unaffected range="ge">1.8</unaffected>
+      <vulnerable range="lt">1.8</vulnerable>
+    </package>
+    <package name="dev-libs/libmspack" auto="yes" arch="*">
+      <unaffected range="ge">0.8_alpha</unaffected>
+      <vulnerable range="lt">0.8_alpha</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>cabextract is free software for extracting Microsoft cabinet files.</p>
+    
+    <p>libmspack is a portable library for some loosely related Microsoft
+      compression formats
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cabextract and
+      libmspack. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE’s for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cabextract users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/cabextract-1.8"
+    </code>
+    
+    <p>All libmspack users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libmspack-0.8_alpha"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14679">CVE-2018-14679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14680">CVE-2018-14680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14681">CVE-2018-14681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14682">CVE-2018-14682</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18584">CVE-2018-18584</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18585">CVE-2018-18585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18586">CVE-2018-18586</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T19:20:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:14:01Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-21.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-21">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Web Server, the
+    worst of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>676064</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.38-r1</unaffected>
+      <vulnerable range="lt">2.4.38-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can possibly cause a Denial of Service condition or
+      could bypass mod_session_cookie expiration time.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.38-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17189">CVE-2018-17189</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17190">CVE-2018-17190</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17199">CVE-2018-17199</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0190">CVE-2019-0190</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T13:34:22Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:17:53Z">Zlogene</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-22.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-22">
+  <title>ZeroMQ: Code execution</title>
+  <synopsis>An overflow was discovered in ZeroMQ which could lead to arbitrary
+    code execution.
+  </synopsis>
+  <product type="ebuild">zeromq</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>675376</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/zeromq" auto="yes" arch="*">
+      <unaffected range="ge">4.3.1</unaffected>
+      <vulnerable range="lt">4.3.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Looks like an embeddable networking library but acts like a concurrency
+      framework
+    </p>
+  </background>
+  <description>
+    <p>Please reference the CVE for details.</p>
+  </description>
+  <impact type="high">
+    <p>Please reference the CVE for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZeroMQ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/zeromq-4.3.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6250">CVE-2019-6250</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T14:21:11Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:20:04Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-23.xml

@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-23">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium, the worst of
+    which could result in the remote execution of code.
+  </synopsis>
+  <product type="ebuild">chromium</product>
+  <announced>2019-03-28</announced>
+  <revised count="1">2019-03-28</revised>
+  <bug>671550</bug>
+  <bug>677066</bug>
+  <bug>679530</bug>
+  <bug>680242</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">73.0.3683.75</unaffected>
+      <vulnerable range="lt">73.0.3683.75</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers and Google Chrome Releases
+      for details.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-73.0.3683.75"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17479">CVE-2018-17479</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5786">CVE-2019-5786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5786">CVE-2019-5786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5787">CVE-2019-5787</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5788">CVE-2019-5788</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5789">CVE-2019-5789</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5790">CVE-2019-5790</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5791">CVE-2019-5791</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5792">CVE-2019-5792</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5793">CVE-2019-5793</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5794">CVE-2019-5794</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5795">CVE-2019-5795</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5796">CVE-2019-5796</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5797">CVE-2019-5797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5798">CVE-2019-5798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5799">CVE-2019-5799</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5800">CVE-2019-5800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5801">CVE-2019-5801</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5802">CVE-2019-5802</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5803">CVE-2019-5803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5804">CVE-2019-5804</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T22:13:31Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-28T02:22:18Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Wed, 20 Mar 2019 14:08:36 +0000
+Thu, 28 Mar 2019 13:38:42 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-30f2fef098951e797cb4c22b80fbeb640fff7f3f 1553088963 2019-03-20T13:36:03+00:00
+821df578dd1e4239ed7205c587587491907ef45c 1553739754 2019-03-28T02:22:34+00:00