bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 434883 BLAKE2B 437fd719358cb224888b8071f01d60b1548cd1a82f20093903aa74e9fe63671e56f03a20ed426aae11e7d6fdd7027beb57804429044781bc9dc3557ccbbcb5a8 SHA512 16828091dc592888ea79b76c0a3e0ec358317e4c345386d11d12983b85a84ed74ba2d650d8af4f0f90a313afdad1a7fd1808666df2dca69ee70f2802b663b733
+MANIFEST Manifest.files.gz 435197 BLAKE2B 5ef1f755677fba588afa252a22622c045d099b3f39fb6b356786170399bb20e8c58212856a5ddc6f59dc6076e3f84a95376a4dc3b4d5154c7d540151a154c88a SHA512 fb541e904c3c6b5ec17c08e76f9ce1dcd0d8f0b31dee092dd3542b9a34a04890e9a1b1e6b0d78d3523fb451deb84b3316ae6b588a29aec6f4741dfb52941ecc9
-TIMESTAMP 2018-12-21T15:08:37Z
+TIMESTAMP 2018-12-31T15:38:40Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwdAfVfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwqOABfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCKNg//dCIBDp+4caJgLpkB4vH2SC244vRQmnQiKQREG+3OXgizDV9ZrS/FIREr
+klBxRBAAtUgUnM+koOIrHy98B5Uj8vQ0YUz+hHXxfPZ5I3DjG138tNv+kSSfZtZ1
-gTPFzuUvsxuuvvPwVDG04eLyu5LK05v4ngj/QF3le+WWh+q9HNGdf0h2gK8iIQ5d
+VC9QQSG0svtCjDOUG1CZ6b31Kf1ySFALtcelgTgNp8Y8R1CqoC0UIhd6jhxIEzU3
-DJvwHNux7ACcW10sdSzdPro6vh2H3iNNrki0zLQKp3c4GkWOOWBaxBIJTrkjB4t0
+QThllPuldQOr8pOf/3pxDO0gZ/eeXeBF2rnrDq8nDkkqLNTnPBg998fJZGLFTi+S
-EIBKESKLW/vNB7De8ewXJ2OdKu4gJF84jbeAMxs36rkidirJ3hZRbZ4F7Xbyo4QP
+yWYh4Dtyq53TbbQ4tjKwFL8MZnIv9tDt5Xol6socrhWdZvScnpoHgg7W5+LemdYb
-KOktgqEKY1SV0r9rr2LIi0KlGTfeEApwzZGoZWt8KoGFzbeEaEaFJ1TokmQJ6Igr
+J/CGgtl9LYn9xvUCCKl5YV/BF3rLH1tJUdZHDrcl1jqSSnmF59uQ17XDOyb47xZH
-ACY+IOrqZw7ItO7U8+oYCj/CydT6OyEQ1LcO7HBN1eDwcazaTYrtmjm5tEypv2Mx
+bPU9gxGNvqdDdizqb8mRKILzQqzzBuSiOshuSO29wX4Xh+GcO76JBamw9U6B8O+O
-1ZN7GTTKa/f0ug04fPHwg8cPLeUjW87qc3x5PMI90fIreIw8gSANQbQJJJB4Cnym
+G+IjxAN9HaDj0nRzzCqQkhkBpN4dNsySt1bYyqzcTXaLUre6EQAerQE943exCQGX
-hYqGiax+uchoSRiKC+wfJ6ytfn6JFuIWqtKVZAl40/GoS453Qb6+l/+TzwiThbIR
+p+UiE4as/EMg6S1EA95K/hshidQHXMbCpqzoK4BCJ9AXgm3WULAJy6JhTEma+4M4
-gSwiA8w1pQ42UIAHJvTftBdO6kNqtaMdBHV3Cmr0Ty7WDZBqfWORpNyXqzUextlJ
+7cIKiGtl4G61SxVCt/hVjqKKUZVkjUMo/+PMyclJ1Xrhgomxs1Pv+waX6RQ7ldgs
-1m8hxTbM1e3MrpW9Djn7n3/Ec5XwODhIpdBfLWxDGdYwMWSNHBBwdjgRNtw4uAyR
+dBALSFUehLiBDCC1HTSUEniPjDmgNNaAclze37jLhjOZUoVaiCDD6wuLHqIFajlC
-/17jtMxe2dw3ax3SHB/5Q5iRWchgX4E6AGsmJAzQoqfC0hYtA+0=
+nLejRPqU6qWCOk6ig6UgA68G48Ttf7WXSZ9i/3d1Tw5B5ASWAMM=
-=Ofjz
+=qJUW
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201812-10.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-10">
+  <title>GKSu: Arbitrary command execution</title>
+  <synopsis>A vulnerability in GKSu might allow attackers to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">gksu</product>
+  <announced>2018-12-30</announced>
+  <revised count="1">2018-12-30</revised>
+  <bug>534540</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gksu" auto="yes" arch="*">
+      <vulnerable range="le">2.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides a Gtk+ frontend to su and sudo.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in GKSu’s gksu-run-helper.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for GKSu and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "x11-libs/gksu"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-2886">CVE-2014-2886</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-11T17:31:55Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-30T21:10:46Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201812-11.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-11">
+  <title>Rust: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Rust, the worst which
+    may allow local attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rust</product>
+  <announced>2018-12-30</announced>
+  <revised count="1">2018-12-30</revised>
+  <bug>662904</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/rust" auto="yes" arch="*">
+      <unaffected range="ge">1.29.1</unaffected>
+      <vulnerable range="lt">1.29.1</vulnerable>
+    </package>
+    <package name="dev-lang/rust-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.29.1</unaffected>
+      <vulnerable range="lt">1.29.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A systems programming language that runs blazingly fast, prevents
+      segfaults, and guarantees thread safety.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Rust. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker able to control the value passed to Rust’s
+      str::repeat function could possibly cause a Denial of Service condition.
+    </p>
+    
+    <p>In addition, a local attacker could trick another user into executing
+      arbitrary code when using rustdoc.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Rust users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/rust-1.29.1"
+    </code>
+    
+    <p>All Rust binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/rust-bin-1.29.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000622">
+      CVE-2018-1000622
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000810">
+      CVE-2018-1000810
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-02T17:19:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-30T21:11:02Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Fri, 21 Dec 2018 15:08:33 +0000
+Mon, 31 Dec 2018 15:38:36 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-50b59faac05c76419ff9b3a69d1e89f8a5c99678 1545393597 2018-12-21T11:59:57+00:00
+baa5a86124960e22df1f11ab63da9f282dd4cdd3 1546204642 2018-12-30T21:17:22+00:00