bump(metadata/glsa): sync with upstream

2025-08-17 01:46:58 +02:00 · 2019-09-11 01:45:24 +00:00 · 2019-09-11 01:45:24 +00:00 · bb17e68802
commit bb17e68802
parent 80d6d5af9e
17 changed files with 718 additions and 20 deletions
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

-MANIFEST Manifest.files.gz 446941 BLAKE2B 27348febfa1e8b0c37a6262b9e1c30afa2668e0702870fc19e3e8e049c8aa3fce3a0a847ecfdfa1843e08f25b1c541365b360bee2789c88b7c7abd1d0af7a0a4 SHA512 b604df11b0bda8c02e03d8c0f183f427ec63dd525e2cbd5b7473a5dbfd7112d964e04f46efec437421b06496482ba2148b26225bcbd4b736cd57023d4aeb1ea7
-TIMESTAMP 2019-08-24T03:38:57Z
+MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab
+TIMESTAMP 2019-09-11T01:08:54Z
 -----BEGIN PGP SIGNATURE-----

-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1gsVJfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl14SSZfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDIUQ/8DqVraS5XpijcFx0dQ2wh744XUAv0P/6BYLho0bUpb59ZPZ5HocB9qAny
-Po3WeVcUUUyZWtoLSFbRXnk8w+1i4p/ghmcQ3+dH/CIznIC/MzPrQFyVasV+xlIm
-OgiVN/OkNKIIyjPghfhrAEqIQa0Bq99jOxo2eO+7yirmuNA4xmytjVuPr+oIbQ1a
-R5WvaXYmq58vA9zPVuMdnY4288QqfmBDqfnHDodEsim99/FGCEtI9yiNiIYEOnc+
-RWEAlc0msiHF3swIV1xsgpI9gqYiNm4da8dFoCQAaMJ4izzC7nMXfIDLgAyX8aSr
-ebincWbRbGoQndud5UUH7n79Q3H5LV5IKn3pbk0RpEgZbmWSFoZbOZ+xu9L7pyNf
-icYYO6zoir36SUUuLpPx3r59nTAoHDuT2Dq+OwDZMWMzbaVusFWu7/weNplSnn4z
-n8qhI0yVALYtsHFUBe+U7ISwqDxhffMRz/Os3NfQS+FzQJWB9AmRuglYr6g9NvPl
-DCK1Wl898YEXRpr8xapnAAHF0jHqykC3aKfrGl8L/l1aIPJ/eVyB67xj9cwXzx89
-nSR7lCsaBTBZPOqXwtomKtMrAKDFcp2ooZ8JgjYgrnnX48YBgWunDh/fk7jLho3Q
-WvXT229nvy12g81L5Lb8Dk2V38fS28jFFyjneSa45guw9QWocIg=
-=b+l5
+klDZSBAAqoFwooNC4OtE9pVq2cfjdzGkK9W5/lJi+aVvllk3srr5BHd8jakr9IJq
+DaXZNkdcNs+ZSU2pW8wF3KG7r6b5Ib0KTTYHuMCSXJHSYNLBW60x1YHOUoQYdPGb
+K26I7l61X742gFzmeGjXUaqUbN4Z99iYBTLD7VnYQCSMDPLirNF+0Mi35lrXA8OO
+9nX63kLgvrmRpArBhjeR41JlfjqC5yqES3KWYYuzMO+V7L7smP9zmgf2NI9lZfCm
+HIh4exi0xmHr0ZgW4wZgvLFuAxHE4BoMO+z5mW1Qb7CkTdEeizWsMxdQiGRgOT12
+WTUV3qW5QfHYTNuDHxhfrfRPQ6/+EhosLRrxWO0EHoYh/GNUJ/TdQATADJa+whLy
+sXm9tuX/LriOlB1bPx6SakW2BNbTmve4XwocNKUh2Th02C9WsTiK4hNARnct+644
+FUuKCiCXK8/r1isozPY0YcnwDuQvBAS3diYo9b641BpCCSlhPqJuZDvl/9CFnqLF
+z4LydlDnarNKWY1HXcrQnlzwwyPxpDHjfp2Mugrc4P0Nyr99/Vboale/rjIlZXFi
+idIDlJZqTsznd1bM7vdZ4rzEsAbwS2DtWgfDk5xzHP9uYjt7srjrwT8PPHXf3fDn
+MT6ZGrkgpOHqC/LswBWMNvzRJqTp1Zod08wjwJbr6XLWTK+z+vE=
+=OjnX
 -----END PGP SIGNATURE-----
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml
@ -7,7 +7,7 @@
  </synopsis>
  <product type="ebuild">jasper</product>
  <announced>2019-08-09</announced>
-  <revised count="2">2019-08-09</revised>
+  <revised count="3">2019-08-28</revised>
  <bug>614028</bug>
  <bug>614032</bug>
  <bug>624988</bug>
@ -63,7 +63,6 @@
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13753">CVE-2017-13753</uri>
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14132">CVE-2017-14132</uri>
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14229">CVE-2017-14229</uri>
-    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14232">CVE-2017-14232</uri>
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5503">CVE-2017-5503</uri>
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5504">CVE-2017-5504</uri>
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5505">CVE-2017-5505</uri>
@ -76,5 +75,5 @@
    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9154">CVE-2018-9154</uri>
  </references>
  <metadata tag="requester" timestamp="2019-08-04T18:37:11Z">b-man</metadata>
-  <metadata tag="submitter" timestamp="2019-08-09T22:17:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-28T22:02:05Z">b-man</metadata>
 </glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-26.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-26.xml
@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-26">
+  <title>libofx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libofx, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libofx</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>631304</bug>
+  <bug>636062</bug>
+  <bug>662910</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/libofx" auto="yes" arch="*">
+      <unaffected range="ge">0.9.14</unaffected>
+      <vulnerable range="lt">0.9.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library to support the Open Financial eXchange XML format</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libofx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      file using an application linked against libofx, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libofx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/libofx-0.9.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14731">CVE-2017-14731</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2816">CVE-2017-2816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2920">CVE-2017-2920</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-18T02:20:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T15:00:19Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-27.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-27.xml
@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-27">
+  <title>Nautilus: Security bypass</title>
+  <synopsis>A vulnerability in Nautilus may allow attackers to escape the
+    sandbox.
+  </synopsis>
+  <product type="ebuild">nautilus</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>692784</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/nautilus" auto="yes" arch="*">
+      <unaffected range="ge">3.30.5-r1</unaffected>
+      <vulnerable range="lt">3.30.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Default file manager for the GNOME desktop</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in Nautilus which allows an attacker to
+      escape the sandbox.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly bypass sandbox protection.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Nautilus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=gnome-base/nautilus-3.30.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11461">CVE-2019-11461</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-26T21:48:06Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T15:00:33Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-28.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-28.xml
@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-28">
+  <title>GNOME desktop library: Security bypass</title>
+  <synopsis>A vulnerability in the GNOME desktop library may allow attackers to
+    escape the sandbox.
+  </synopsis>
+  <product type="ebuild">gnome-desktop</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>692782</bug>
+  <access>local</access>
+  <affected>
+    <package name="gnome-base/gnome-desktop" auto="yes" arch="*">
+      <unaffected range="ge">3.30.2.3</unaffected>
+      <vulnerable range="lt">3.30.2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Library with common API for various GNOME modules.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in the GNOME desktop library which allows
+      an attacker to escape the sandbox.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could possibly bypass sandbox protection.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNOME desktop library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=gnome-base/gnome-desktop-3.30.2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11460">CVE-2019-11460</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-31T14:55:07Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T21:05:16Z">whissi</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-29.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-29.xml
@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-29">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2019-08-31</announced>
+  <revised count="1">2019-08-31</revised>
+  <bug>683732</bug>
+  <bug>692572</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.7.2</unaffected>
+      <vulnerable range="lt">2.3.7.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An unauthenticated remote attacker could send a specially crafted mail
+      or use crafted IMAP commands possibly resulting in the execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.7.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10691">CVE-2019-10691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11500">CVE-2019-11500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-31T14:29:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-08-31T21:05:29Z">whissi</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-01.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-01.xml
@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-01">
+  <title>Perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Perl, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>653432</bug>
+  <bug>670190</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.28.2</unaffected>
+      <vulnerable range="lt">5.28.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is a highly capable, feature-rich programming language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.28.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18311">CVE-2018-18311</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18312">CVE-2018-18312</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18313">CVE-2018-18313</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18314">CVE-2018-18314</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6797">CVE-2018-6797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6798">CVE-2018-6798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6913">CVE-2018-6913</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-01T00:43:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:00:53Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-02.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-02.xml
@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-02">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>689974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.8</unaffected>
+      <vulnerable range="lt">3.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13602">CVE-2019-13602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13962">CVE-2019-13962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14437">CVE-2019-14437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14438">CVE-2019-14438</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14498">CVE-2019-14498</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14533">CVE-2019-14533</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14534">CVE-2019-14534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14535">CVE-2019-14535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14776">CVE-2019-14776</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14777">CVE-2019-14777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14778">CVE-2019-14778</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14970">CVE-2019-14970</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:22:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:08Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-03.xml
@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-03">
+  <title>Pango: Buffer overflow</title>
+  <synopsis>A buffer overflow in Pango might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pango</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>692110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/pango" auto="yes" arch="*">
+      <unaffected range="ge">1.42.4-r2</unaffected>
+      <vulnerable range="lt">1.42.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pango is a library for layout and rendering of internationalized text.</p>
+  </background>
+  <description>
+    <p>A buffer overflow has been discovered in Pango’s
+      pango_log2vis_get_embedding_levels function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      string with functions like pango_itemize, possibly resulting in execution
+      of arbitrary code with the privileges of the process or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pango users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010238">
+      CVE-2019-1010238
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:32:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:18Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-04.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-04.xml
@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-04">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>692172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.41</unaffected>
+      <vulnerable range="lt">2.4.41</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.41"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10081">CVE-2019-10081</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10082">CVE-2019-10082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10092">CVE-2019-10092</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10097">CVE-2019-10097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10098">CVE-2019-10098</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9517">CVE-2019-9517</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:39:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:34Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-05.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-05.xml
@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-05">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>683234</bug>
+  <bug>686216</bug>
+  <bug>693122</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.24.4</unaffected>
+      <vulnerable range="lt">2.24.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to visit maliciously crafted web
+      content, may be able to execute arbitrary code or cause memory
+      corruption.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.24.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11070">CVE-2019-11070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6201">CVE-2019-6201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6251">CVE-2019-6251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7285">CVE-2019-7285</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7292">CVE-2019-7292</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8503">CVE-2019-8503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8506">CVE-2019-8506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8515">CVE-2019-8515</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8518">CVE-2019-8518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8523">CVE-2019-8523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8524">CVE-2019-8524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8535">CVE-2019-8535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8536">CVE-2019-8536</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8544">CVE-2019-8544</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8551">CVE-2019-8551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8558">CVE-2019-8558</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8559">CVE-2019-8559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8563">CVE-2019-8563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8595">CVE-2019-8595</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8607">CVE-2019-8607</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8615">CVE-2019-8615</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2019-0002.html">WSA-2019-0002</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2019-0004.html">WSA-2019-0004</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:15:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:55Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-06.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-06.xml
@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-06">
+  <title>Exim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Exim, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2019-09-07</announced>
+  <revised count="1">2019-09-07</revised>
+  <bug>692394</bug>
+  <bug>693494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92.2</unaffected>
+      <vulnerable range="lt">4.92.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by connecting to the SMTP listener daemon, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13917">CVE-2019-13917</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15846">CVE-2019-15846</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-06T15:35:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-09-07T00:22:35Z">whissi</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-07.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-07.xml
@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-07">
+  <title>Simple DirectMedia Layer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Simple DirectMedia
+    Layer, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libsdl2</product>
+  <announced>2019-09-08</announced>
+  <revised count="1">2019-09-08</revised>
+  <bug>690064</bug>
+  <bug>692392</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsdl2" auto="yes" arch="*">
+      <unaffected range="ge">2.0.10</unaffected>
+      <vulnerable range="lt">2.0.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Simple DirectMedia Layer is a cross-platform development library
+      designed to provide low level access to audio, keyboard, mouse, joystick,
+      and graphics hardware via OpenGL and Direct3D.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Simple DirectMedia
+      Layer. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      audio or video, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Simple DirectMedia Layer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsdl2-2.0.10"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13626">CVE-2019-13626</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-07T00:08:23Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-08T17:40:28Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-08.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201909-08.xml
@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-08">
+  <title>D-Bus: Authentication bypass</title>
+  <synopsis>An authentication bypass was discovered in D-Bus.</synopsis>
+  <product type="ebuild">dbus</product>
+  <announced>2019-09-08</announced>
+  <revised count="1">2019-09-08</revised>
+  <bug>687900</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/dbus" auto="yes" arch="*">
+      <unaffected range="ge">1.12.16</unaffected>
+      <vulnerable range="lt">1.12.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>D-Bus is a message bus system which processes can use to talk to each
+      other.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that a local attacker could manipulate symbolic links
+      in their own home directory to bypass authentication and connect to a
+      DBusServer with elevated privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker can bypass authentication mechanisms and elevate
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All D-Bus users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.16"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12749">CVE-2019-12749</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-07T17:12:55Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-08T17:40:45Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@ -1 +1 @@
-Sat, 24 Aug 2019 03:38:54 +0000
+Wed, 11 Sep 2019 01:08:51 +0000
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@ -1 +1 @@
-55b0fff2f98b275d6a6bcaf8e12164157936324c 1566095478 2019-08-18T02:31:18+00:00
+0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00