From 7fa5018e6fd738400e6ef2a5590f306ef83e9c92 Mon Sep 17 00:00:00 2001
From: Nick Owens <mischief@coreos.com>
Date: Wed, 22 Jun 2016 11:21:22 -0700
Subject: [PATCH] bump(metadata/glsa): sync with upstream

---
 .../metadata/glsa/glsa-201605-03.xml          |  53 +++
 .../metadata/glsa/glsa-201605-04.xml          |  51 +++
 .../metadata/glsa/glsa-201605-05.xml          |  59 ++++
 .../metadata/glsa/glsa-201605-06.xml          | 309 ++++++++++++++++++
 .../metadata/glsa/glsa-201606-01.xml          |  55 ++++
 .../metadata/glsa/glsa-201606-02.xml          |  64 ++++
 .../metadata/glsa/glsa-201606-03.xml          |  55 ++++
 .../metadata/glsa/glsa-201606-04.xml          |  79 +++++
 .../metadata/glsa/glsa-201606-05.xml          |  60 ++++
 .../metadata/glsa/glsa-201606-06.xml          |  59 ++++
 .../metadata/glsa/glsa-201606-07.xml          |  51 +++
 .../metadata/glsa/glsa-201606-08.xml          |  68 ++++
 .../metadata/glsa/glsa-201606-09.xml          |  62 ++++
 .../metadata/glsa/glsa-201606-10.xml          | 120 +++++++
 .../metadata/glsa/timestamp.chk               |   2 +-
 15 files changed, 1146 insertions(+), 1 deletion(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-03.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-04.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-05.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-06.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-01.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-02.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-03.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-04.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-05.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-06.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-07.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-08.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-09.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-10.xml

diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-03.xml
new file mode 100644
index 0000000000..d8be23ebd6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-03">
+  <title>libfpx: Denial of Service</title>
+  <synopsis>A double free vulnerability has been discovered in libfpx that
+    allows remote attackers to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild">libfpx</product>
+  <announced>May 30, 2016</announced>
+  <revised>May 30, 2016: 1</revised>
+  <bug>395367</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libfpx" auto="yes" arch="*">
+      <unaffected range="ge">1.3.1_p6</unaffected>
+      <vulnerable range="lt">1.3.1_p6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library for manipulating FlashPIX images.</p>
+  </background>
+  <description>
+    <p>A double free vulnerability has been discovered in the Free_All_Memory
+      function in jpeg/dectile.c.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted FPX
+      image using an application linked against libfpx, possibly resulting in a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libfpx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libfpx-1.3.1_p6"
+    </code>
+    
+    <p>Packages which depend on this library may need to be recompiled. Tools
+      such as revdep-rebuild may assist in identifying these packages.
+    </p>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0025">CVE-2012-0025</uri>
+  </references>
+  <metadata tag="requester" timestamp="Wed, 06 Apr 2016 23:28:31 +0000">b-man</metadata>
+  <metadata tag="submitter" timestamp="Mon, 30 May 2016 17:56:49 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-04.xml
new file mode 100644
index 0000000000..b568f84a94
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-04">
+  <title>rsync: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in rsync, the worst of
+    which could allow remote attackers to write arbitrary files.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>May 30, 2016</announced>
+  <revised>May 30, 2016: 1</revised>
+  <bug>519108</bug>
+  <bug>540000</bug>
+  <bug>569140</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2</unaffected>
+      <vulnerable range="lt">3.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File transfer program to keep remote files into sync.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rsync. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could write arbitrary files via symlink attacks.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.1.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8242">CVE-2014-8242</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9512">CVE-2014-9512</uri>
+  </references>
+  <metadata tag="requester" timestamp="Thu, 25 Feb 2016 07:39:41 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Mon, 30 May 2016 19:55:19 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-05.xml
new file mode 100644
index 0000000000..f27dedd727
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-05.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-05">
+  <title>Linux-PAM: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Linux-PAM, allowing
+    remote attackers to bypass the auth process and cause Denial of Service.
+  </synopsis>
+  <product type="ebuild">pam</product>
+  <announced>May 31, 2016</announced>
+  <revised>May 31, 2016: 1</revised>
+  <bug>493432</bug>
+  <bug>505604</bug>
+  <bug>553302</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/pam" auto="yes" arch="*">
+      <unaffected range="ge">1.2.1</unaffected>
+      <vulnerable range="lt">1.2.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
+      the separation of the development of privilege granting software from the
+      development of secure and appropriate authentication schemes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Linux-PAM.  Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause Denial of Service, conduct brute force
+      attacks, and conduct username enumeration.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Linux-PAM users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-1.2.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7041">CVE-2013-7041</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2583">CVE-2014-2583</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238">CVE-2015-3238</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238">CVE-2015-3238</uri>
+  </references>
+  <metadata tag="requester" timestamp="Mon, 10 Aug 2015 14:28:31 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Tue, 31 May 2016 04:26:13 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-06.xml
new file mode 100644
index 0000000000..2945ac200f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201605-06.xml
@@ -0,0 +1,309 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201605-06">
+  <title>Mozilla Products: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Firefox, Thunderbird,
+    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
+    the worst of which may allow remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>May 31, 2016</announced>
+  <revised>May 31, 2016: 1</revised>
+  <bug>549356</bug>
+  <bug>557590</bug>
+  <bug>559186</bug>
+  <bug>561246</bug>
+  <bug>563230</bug>
+  <bug>564834</bug>
+  <bug>573074</bug>
+  <bug>574596</bug>
+  <bug>576862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/nspr" auto="yes" arch="*">
+      <unaffected range="ge">4.12</unaffected>
+      <vulnerable range="lt">4.12</vulnerable>
+    </package>
+    <package name="dev-libs/nss" auto="yes" arch="*">
+      <unaffected range="ge">3.22.2</unaffected>
+      <vulnerable range="lt">3.22.2</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">38.7.0</unaffected>
+      <vulnerable range="lt">38.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an
+      open-source email client, and the Network Security Service (NSS) is a
+      library implementing security features like SSL v.2/v.3, TLS, PKCS #5,
+      PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.  The
+      SeaMonkey project is a community effort to deliver production-quality
+      releases of code derived from the application formerly known as
+      ‘Mozilla Application Suite’.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and
+      Thunderbird. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page or email, possibly resulting in execution of arbitrary code or a
+      Denial of Service condition. Furthermore, a remote attacker may be able
+      to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
+      the address bar, conduct clickjacking attacks, bypass security
+      restrictions and protection mechanisms, or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All NSS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.22.2"
+    </code>
+    
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-38.7.0"
+    </code>
+    
+    <p>All users of the Thunderbird binary package should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-38.7.0"
+    </code>
+    
+    <p>All Firefox 38.7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-38.7.0"
+    </code>
+    
+    <p>All users of the Firefox 38.7.x binary package should upgrade to the
+      latest version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-38.7.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708">CVE-2015-2708</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708">CVE-2015-2708</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709">CVE-2015-2709</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709">CVE-2015-2709</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710">CVE-2015-2710</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710">CVE-2015-2710</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711">CVE-2015-2711</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711">CVE-2015-2711</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712">CVE-2015-2712</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712">CVE-2015-2712</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713">CVE-2015-2713</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713">CVE-2015-2713</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714">CVE-2015-2714</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714">CVE-2015-2714</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715">CVE-2015-2715</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715">CVE-2015-2715</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716">CVE-2015-2716</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716">CVE-2015-2716</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475">CVE-2015-4475</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475">CVE-2015-4475</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477">CVE-2015-4477</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477">CVE-2015-4477</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478">CVE-2015-4478</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478">CVE-2015-4478</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479">CVE-2015-4479</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479">CVE-2015-4479</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480">CVE-2015-4480</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480">CVE-2015-4480</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481">CVE-2015-4481</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481">CVE-2015-4481</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482">CVE-2015-4482</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482">CVE-2015-4482</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483">CVE-2015-4483</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483">CVE-2015-4483</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484">CVE-2015-4484</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484">CVE-2015-4484</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485">CVE-2015-4485</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485">CVE-2015-4485</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486">CVE-2015-4486</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486">CVE-2015-4486</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487">CVE-2015-4487</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487">CVE-2015-4487</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488">CVE-2015-4488</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488">CVE-2015-4488</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489">CVE-2015-4489</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489">CVE-2015-4489</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490">CVE-2015-4490</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490">CVE-2015-4490</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492">CVE-2015-4492</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492">CVE-2015-4492</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493">CVE-2015-4493</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493">CVE-2015-4493</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181">CVE-2015-7181</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182">CVE-2015-7182</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183">CVE-2015-7183</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931">CVE-2016-1931</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931">CVE-2016-1931</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933">CVE-2016-1933</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933">CVE-2016-1933</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935">CVE-2016-1935</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935">CVE-2016-1935</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937">CVE-2016-1937</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937">CVE-2016-1937</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939">CVE-2016-1939</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939">CVE-2016-1939</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940">CVE-2016-1940</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940">CVE-2016-1940</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941">CVE-2016-1941</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941">CVE-2016-1941</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942">CVE-2016-1942</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942">CVE-2016-1942</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943">CVE-2016-1943</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943">CVE-2016-1943</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944">CVE-2016-1944</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944">CVE-2016-1944</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945">CVE-2016-1945</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945">CVE-2016-1945</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946">CVE-2016-1946</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946">CVE-2016-1946</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947">CVE-2016-1947</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947">CVE-2016-1947</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948">CVE-2016-1948</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948">CVE-2016-1948</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949">CVE-2016-1949</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949">CVE-2016-1949</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950">CVE-2016-1950</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950">CVE-2016-1950</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952">CVE-2016-1952</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952">CVE-2016-1952</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953">CVE-2016-1953</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953">CVE-2016-1953</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954">CVE-2016-1954</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954">CVE-2016-1954</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955">CVE-2016-1955</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955">CVE-2016-1955</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956">CVE-2016-1956</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956">CVE-2016-1956</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957">CVE-2016-1957</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957">CVE-2016-1957</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958">CVE-2016-1958</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958">CVE-2016-1958</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959">CVE-2016-1959</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959">CVE-2016-1959</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960">CVE-2016-1960</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960">CVE-2016-1960</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961">CVE-2016-1961</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961">CVE-2016-1961</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962">CVE-2016-1962</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962">CVE-2016-1962</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963">CVE-2016-1963</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963">CVE-2016-1963</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964">CVE-2016-1964</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964">CVE-2016-1964</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965">CVE-2016-1965</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965">CVE-2016-1965</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966">CVE-2016-1966</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966">CVE-2016-1966</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967">CVE-2016-1967</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967">CVE-2016-1967</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968">CVE-2016-1968</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968">CVE-2016-1968</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969">CVE-2016-1969</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969">CVE-2016-1969</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970">CVE-2016-1970</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970">CVE-2016-1970</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971">CVE-2016-1971</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971">CVE-2016-1971</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972">CVE-2016-1972</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972">CVE-2016-1972</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973">CVE-2016-1973</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973">CVE-2016-1973</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974">CVE-2016-1974</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974">CVE-2016-1974</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975">CVE-2016-1975</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975">CVE-2016-1975</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976">CVE-2016-1976</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976">CVE-2016-1976</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978">CVE-2016-1978</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978">CVE-2016-1978</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979">CVE-2016-1979</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979">CVE-2016-1979</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
+  </references>
+  <metadata tag="requester" timestamp="Thu, 31 Dec 2015 02:35:40 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Tue, 31 May 2016 05:43:42 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-01.xml
new file mode 100644
index 0000000000..a06cdb60a8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-01">
+  <title>PuTTY: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PuTTY, the worst of
+    which could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 05, 2016</announced>
+  <revised>June 05, 2016: 2</revised>
+  <bug>565080</bug>
+  <bug>576524</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/putty" auto="yes" arch="*">
+      <unaffected range="ge">0.67</unaffected>
+      <vulnerable range="lt">0.67</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PuTTY is a telnet and SSH client.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PuTTY. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Stack-based buffer overflow in the SCP command-line utility allows
+      remote servers to execute arbitrary code or cause a denial of service
+      condition via a crafted SCP-SINK file-size response to an SCP download
+      request.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PuTTY users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.67"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5309">CVE-2015-5309</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2563">CVE-2016-2563</uri>
+  </references>
+  <metadata tag="requester" timestamp="Tue, 05 Apr 2016 03:16:59 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Sun, 05 Jun 2016 16:25:06 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-02.xml
new file mode 100644
index 0000000000..c2d4bbc0b2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-02">
+  <title>Puppet Server and Agent: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Puppet Server and
+    Agent, the worst of which could lead to arbitrary code execution.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 05, 2016</announced>
+  <revised>June 05, 2016: 3</revised>
+  <bug>577450</bug>
+  <bug>581372</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-admin/puppet-agent" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+    <package name="app-admin/puppetserver" auto="yes" arch="*">
+      <unaffected range="ge">2.3.2</unaffected>
+      <vulnerable range="lt">2.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Puppet Agent contains Puppet’s main code and all of the dependencies
+      needed to run it, including Facter, Hiera, and bundled versions of Ruby
+      and OpenSSL.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Puppet Server and
+      Agent.  Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, impersonating a trusted broker, could potentially
+      execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Puppet Agent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-agent-1.4.2"
+    </code>
+    
+    <p>All Puppet Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/puppetserver-2.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2785">CVE-2016-2785</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2786">CVE-2016-2786</uri>
+  </references>
+  <metadata tag="requester" timestamp="Tue, 15 Mar 2016 09:09:16 +0000">b-man</metadata>
+  <metadata tag="submitter" timestamp="Sun, 05 Jun 2016 20:14:52 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-03.xml
new file mode 100644
index 0000000000..09e90db955
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-03">
+  <title>libjpeg-turbo: Multiple vulnerabilities</title>
+  <synopsis>Two vulnerabilities have been discovered in libjpeg-turbo, the
+    worse of which could allow remote attackers access to  sensitive
+    information.
+  </synopsis>
+  <product type="ebuild">libjpeg-turbo</product>
+  <announced>June 05, 2016</announced>
+  <revised>June 05, 2016: 2</revised>
+  <bug>491150</bug>
+  <bug>531418</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+      <unaffected range="ge">1.4.2</unaffected>
+      <vulnerable range="lt">1.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library</p>
+  </background>
+  <description>
+    <p>libjpeg-turbo does not check for certain duplications of component data
+      during the reading of segments that follow Start Of Scan (SOS) JPEG
+      markers.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could obtain sensitive information from uninitialized
+      memory locations via a crafted JPEG images.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libjpeg-turbo users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libjpeg-turbo-1.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629">CVE-2013-6629</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6630">CVE-2013-6630</uri>
+  </references>
+  <metadata tag="requester" timestamp="Thu, 19 Jun 2014 02:00:52 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Sun, 05 Jun 2016 19:54:52 +0000">mrueg</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-04.xml
new file mode 100644
index 0000000000..c1a28955be
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-04.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-04">
+  <title>GnuPG: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GnuPG and libgcrypt,
+    the worst of which may allow a local attacker to obtain confidential key
+    information.
+  </synopsis>
+  <product type="ebuild">gnupg</product>
+  <announced>June 05, 2016</announced>
+  <revised>June 10, 2016: 2</revised>
+  <bug>534110</bug>
+  <bug>541564</bug>
+  <bug>541568</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-crypt/gnupg" auto="yes" arch="*">
+      <unaffected range="ge">2.0.26-r3</unaffected>
+      <unaffected range="rge">1.4.19</unaffected>
+      <unaffected range="rge">1.4.20</unaffected>
+      <unaffected range="rge">1.4.21</unaffected>
+      <unaffected range="rge">1.4.22</unaffected>
+      <vulnerable range="lt">2.0.26-r3</vulnerable>
+    </package>
+    <package name="dev-libs/libgcrypt" auto="yes" arch="*">
+      <unaffected range="ge">1.6.3-r4</unaffected>
+      <vulnerable range="lt">1.6.3-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
+      cryptographic software.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GnuPG and libgcrypt,
+      please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly cause a Denial of Service condition.
+      Side-channel attacks could be leveraged to obtain key material.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GnuPG 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-2.0.26-r3"
+    </code>
+    
+    <p>All GnuPG 1 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.19"
+    </code>
+    
+    <p>All libgcrypt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.6.3-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3591">CVE-2014-3591</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0837">CVE-2015-0837</uri>
+  </references>
+  <metadata tag="requester" timestamp="Mon, 16 Feb 2015 14:53:59 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Fri, 10 Jun 2016 18:09:58 +0000">stanley</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-05.xml
new file mode 100644
index 0000000000..057c5fd281
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-05.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-05">
+  <title>spice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in spice, the worst of
+    which may result in the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 16, 2016</announced>
+  <revised>June 16, 2016: 1</revised>
+  <bug>560006</bug>
+  <bug>562890</bug>
+  <bug>584126</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/spice" auto="yes" arch="*">
+      <unaffected range="ge">0.12.7-r1</unaffected>
+      <vulnerable range="lt">0.12.7-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides a complete open source solution for remote access to virtual
+      machines in a seamless way so you can play videos, record audio, share
+      usb devices and share folders without complications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in spice, please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code. Additionally, a
+      local attacker could cause a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All spice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/spice-0.12.7-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5260">CVE-2015-5260</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5260">CVE-2015-5260</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5261">CVE-2015-5261</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5261">CVE-2015-5261</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0749">CVE-2016-0749</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2150">CVE-2016-2150</uri>
+  </references>
+  <metadata tag="requester" timestamp="Wed, 18 Nov 2015 21:15:42 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Thu, 16 Jun 2016 18:45:10 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-06.xml
new file mode 100644
index 0000000000..a9cd5355ac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-06.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-06">
+  <title>nginx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in nginx, the worst of
+    which may allow a remote attacker to cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 17, 2016</announced>
+  <revised>June 17, 2016: 1</revised>
+  <bug>560854</bug>
+  <bug>573046</bug>
+  <bug>584744</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/nginx" auto="yes" arch="*">
+      <unaffected range="ge">1.10.1</unaffected>
+      <vulnerable range="lt">1.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>nginx is a robust, small, and high performance HTTP and reverse proxy
+      server.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in nginx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly cause a Denial of Service condition via
+      a crafted packet.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All nginx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.10.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587">
+      CVE-2013-3587
+    </uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742">CVE-2016-0742</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746">CVE-2016-0746</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747">CVE-2016-0747</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450">CVE-2016-4450</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450">CVE-2016-4450</uri>
+  </references>
+  <metadata tag="requester" timestamp="Tue, 14 Jun 2016 08:44:21 +0000">b-man</metadata>
+  <metadata tag="submitter" timestamp="Fri, 17 Jun 2016 18:26:31 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-07.xml
new file mode 100644
index 0000000000..c589b40def
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-07.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-07">
+  <title>dhcpcd: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in dhcpcd allowing remote
+    attackers to possibly execute arbitrary code or cause a Denial of Service.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 18, 2016</announced>
+  <revised>June 18, 2016: 2</revised>
+  <bug>571152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcpcd" auto="yes" arch="*">
+      <unaffected range="ge">6.10.0</unaffected>
+      <vulnerable range="lt">6.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A fully featured, yet light weight RFC2131 compliant DHCP client</p>
+  </background>
+  <description>
+    <p>A heap overflow can be triggered via malformed DHCP responses in the
+      print_option (via dhcp_envoption1) due to incorrect option length values.
+       These vulnerabilities could also allow remote attackers to trigger an
+      invalid read/crash via malformed DHCP responses.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could possibly execute arbitrary code with the
+      privileges of the process or cause Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All dhcpcd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcpcd-6.10.0”
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1503">CVE-2016-1503</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1504">CVE-2016-1504</uri>
+  </references>
+  <metadata tag="requester" timestamp="Mon, 08 Feb 2016 20:32:46 +0000">K_F</metadata>
+  <metadata tag="submitter" timestamp="Sat, 18 Jun 2016 19:11:50 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-08.xml
new file mode 100644
index 0000000000..8824cfd36f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-08.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-08">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 18, 2016</announced>
+  <revised>June 18, 2016: 1</revised>
+  <bug>579166</bug>
+  <bug>582670</bug>
+  <bug>586044</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">11.2.202.626</unaffected>
+      <vulnerable range="lt">11.2.202.626</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.626"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117">CVE-2016-4117</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117">CVE-2016-4117</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121">CVE-2016-4121</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160">CVE-2016-4160</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161">CVE-2016-4161</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162">CVE-2016-4162</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163">CVE-2016-4163</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
+  </references>
+  <metadata tag="requester" timestamp="Fri, 17 Jun 2016 23:30:46 +0000">b-man</metadata>
+  <metadata tag="submitter" timestamp="Sat, 18 Jun 2016 23:47:05 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-09.xml
new file mode 100644
index 0000000000..46661c8205
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-09.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-09">
+  <title>FFmpeg: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
+    which could lead to arbitrary code execution or Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild"></product>
+  <announced>June 18, 2016</announced>
+  <revised>June 18, 2016: 1</revised>
+  <bug>528554</bug>
+  <bug>553732</bug>
+  <bug>571868</bug>
+  <bug>577458</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/ffmpeg" auto="yes" arch="*">
+      <unaffected range="ge">2.8.6</unaffected>
+      <vulnerable range="lt">2.8.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FFmpeg is a complete, cross-platform solution to record, convert and
+      stream audio and video.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FFmpeg users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-2.8.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9676">CVE-2014-9676</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1897">CVE-2016-1897</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1898">CVE-2016-1898</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2213">CVE-2016-2213</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326">CVE-2016-2326</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2327">CVE-2016-2327</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2328">CVE-2016-2328</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2329">CVE-2016-2329</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2330">CVE-2016-2330</uri>
+  </references>
+  <metadata tag="requester" timestamp="Sun, 20 Mar 2016 12:22:08 +0000">b-man</metadata>
+  <metadata tag="submitter" timestamp="Sat, 18 Jun 2016 23:58:49 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-10.xml
new file mode 100644
index 0000000000..16f5d40e2e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-10.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201606-10">
+  <title>PHP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+    could lead to arbitrary code execution, or cause a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">php</product>
+  <announced>June 19, 2016</announced>
+  <revised>June 19, 2016: 2</revised>
+  <bug>537586</bug>
+  <bug>541098</bug>
+  <bug>544186</bug>
+  <bug>544330</bug>
+  <bug>546872</bug>
+  <bug>549538</bug>
+  <bug>552408</bug>
+  <bug>555576</bug>
+  <bug>555830</bug>
+  <bug>556952</bug>
+  <bug>559612</bug>
+  <bug>562882</bug>
+  <bug>571254</bug>
+  <bug>573892</bug>
+  <bug>577376</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/php" auto="yes" arch="*">
+      <unaffected range="ge">5.6.19</unaffected>
+      <unaffected range="rge">5.5.33</unaffected>
+      <unaffected range="rge">5.5.34</unaffected>
+      <unaffected range="rge">5.5.35</unaffected>
+      <unaffected range="rge">5.5.36</unaffected>
+      <unaffected range="rge">5.5.37</unaffected>
+      <unaffected range="rge">5.5.38</unaffected>
+      <vulnerable range="lt">5.6.19</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHP is a widely-used general-purpose scripting language that is
+      especially suited for Web development and can be embedded into HTML.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker can possibly execute arbitrary code or create a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
+      5.4 is now masked in Portage:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.5.33"
+    </code>
+    
+    <p>All PHP 5.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.5.33"
+    </code>
+    
+    <p>All PHP 5.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.6.19"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501">CVE-2013-6501</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705">CVE-2014-9705</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709">CVE-2014-9709</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231">CVE-2015-0231</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273">CVE-2015-0273</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351">CVE-2015-1351</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352">CVE-2015-1352</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301">CVE-2015-2301</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348">CVE-2015-2348</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783">CVE-2015-2783</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787">CVE-2015-2787</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329">CVE-2015-3329</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330">CVE-2015-3330</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021">CVE-2015-4021</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022">CVE-2015-4022</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025">CVE-2015-4025</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026">CVE-2015-4026</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147">CVE-2015-4147</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148">CVE-2015-4148</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642">CVE-2015-4642</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643">CVE-2015-4643</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644">CVE-2015-4644</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831">CVE-2015-6831</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832">CVE-2015-6832</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833">CVE-2015-6833</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834">CVE-2015-6834</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835">CVE-2015-6835</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836">CVE-2015-6836</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837">CVE-2015-6837</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838">CVE-2015-6838</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803">CVE-2015-7803</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804">CVE-2015-7804</uri>
+  </references>
+  <metadata tag="requester" timestamp="Sat, 18 Apr 2015 22:36:42 +0000">
+    BlueKnight
+  </metadata>
+  <metadata tag="submitter" timestamp="Sun, 19 Jun 2016 21:29:10 +0000">b-man</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index 50b50e6704..26cd059be4 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 17 May 2016 17:40:45 +0000
+Wed, 22 Jun 2016 17:40:47 +0000