bump(metadata/glsa): sync with upstream

2025-08-16 09:26:58 +02:00 · 2019-08-24 04:04:09 +00:00 · 2019-08-24 04:04:09 +00:00 · c197f87d63
commit c197f87d63
parent 7903b9dcc2
27 changed files with 1555 additions and 17 deletions
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

-MANIFEST Manifest.files.gz 443284 BLAKE2B 24919ac10412f9b00a154077aa3622b6287002f3ca6c6ce41b9dc188e5a3fbe6270e9e94c4d7b17f66e6e4d6cad9250e459897ed52412efbc9dcf09ef673d16e SHA512 fa2eb00f68c25c2fbc1cebc5a053e0da1e8a554cb5db4bf38187ca24071873c7fdf6659c6bb2f5a4c74c591043d21a65999f7ff50b5d2e61317903c2e7499822
-TIMESTAMP 2019-08-03T15:09:02Z
+MANIFEST Manifest.files.gz 446941 BLAKE2B 27348febfa1e8b0c37a6262b9e1c30afa2668e0702870fc19e3e8e049c8aa3fce3a0a847ecfdfa1843e08f25b1c541365b360bee2789c88b7c7abd1d0af7a0a4 SHA512 b604df11b0bda8c02e03d8c0f183f427ec63dd525e2cbd5b7473a5dbfd7112d964e04f46efec437421b06496482ba2148b26225bcbd4b736cd57023d4aeb1ea7
+TIMESTAMP 2019-08-24T03:38:57Z
 -----BEGIN PGP SIGNATURE-----

-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1Fo45fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1gsVJfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAmfw//WiUkJtGO6f70EEkJWmF+jMQG+j1EynZt7Pf7AqyiwiOXiIC8kEG+oJSO
-DpE/0uzCgDFiwl2IXcjLVU06Dhsl+FhGr1yi3hvnBBmzealhObW114A6J/3T0Xig
-pheXUGPWCbPpTiPb51Xf+ZuAemzMlL40FzNLH/jZWnStBSucmWuBOZXvZgtR6Kvd
-39oT/xte46BpJzddJ3npX8aLOI03p42YGlfw3R3zI0KTrYtIWlq+5Ebjxput5H2d
-eZb0azrM07TwyLTpwqkKNwfmAFrrFT0B+b1zsiE20hwEmo1+0o3daHcLjEAblwee
-DeSKntSg7PDvWE8vwCPNFnmnbBw78gpC0bidRcv+z48vv6+GPGoBaDcBiozAa+x1
-OVENHoztc08j1Lv9FJqTJx0yPLnQsie9R5x4C92rFqOyKPDlUGEw0aQweWoQQBOD
-ls4q9XV9P3wc+pilTrzxEo/2Yu1J3AHCI3TsQ4ZZjPgK+WPkRZeyeqEM/Yp4450j
-/K/Dc47XXr2NiHxQMkf0Ytm/IatVemhntzdovKTNzoPqKiSsI3NwNvxNRb4pV3SI
-xTpM/ildMGEAy2X6KDHk6U8+FQjXIuy2Mn007qkPzGMxAPY9wC1l8/KL/tC7usJ3
-0JsXCUW/zHLdoLR3O99fPKI+u7W+Rrn5zWpUQ9xQQgTJ0p/8uek=
-=Omq0
+klDIUQ/8DqVraS5XpijcFx0dQ2wh744XUAv0P/6BYLho0bUpb59ZPZ5HocB9qAny
+Po3WeVcUUUyZWtoLSFbRXnk8w+1i4p/ghmcQ3+dH/CIznIC/MzPrQFyVasV+xlIm
+OgiVN/OkNKIIyjPghfhrAEqIQa0Bq99jOxo2eO+7yirmuNA4xmytjVuPr+oIbQ1a
+R5WvaXYmq58vA9zPVuMdnY4288QqfmBDqfnHDodEsim99/FGCEtI9yiNiIYEOnc+
+RWEAlc0msiHF3swIV1xsgpI9gqYiNm4da8dFoCQAaMJ4izzC7nMXfIDLgAyX8aSr
+ebincWbRbGoQndud5UUH7n79Q3H5LV5IKn3pbk0RpEgZbmWSFoZbOZ+xu9L7pyNf
+icYYO6zoir36SUUuLpPx3r59nTAoHDuT2Dq+OwDZMWMzbaVusFWu7/weNplSnn4z
+n8qhI0yVALYtsHFUBe+U7ISwqDxhffMRz/Os3NfQS+FzQJWB9AmRuglYr6g9NvPl
+DCK1Wl898YEXRpr8xapnAAHF0jHqykC3aKfrGl8L/l1aIPJ/eVyB67xj9cwXzx89
+nSR7lCsaBTBZPOqXwtomKtMrAKDFcp2ooZ8JgjYgrnnX48YBgWunDh/fk7jLho3Q
+WvXT229nvy12g81L5Lb8Dk2V38fS28jFFyjneSa45guw9QWocIg=
+=b+l5
 -----END PGP SIGNATURE-----
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml
@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-03">
+  <title>JasPer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in JasPer, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">jasper</product>
+  <announced>2019-08-09</announced>
+  <revised count="2">2019-08-09</revised>
+  <bug>614028</bug>
+  <bug>614032</bug>
+  <bug>624988</bug>
+  <bug>629286</bug>
+  <bug>635552</bug>
+  <bug>662160</bug>
+  <bug>674154</bug>
+  <bug>674214</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/jasper" auto="yes" arch="*">
+      <vulnerable range="le">2.0.16</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>JasPer is a software-based implementation of the codec specified in the
+      JPEG-2000 Part-1 standard.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in JasPer. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>JasPer is no longer maintained upstream and contains many
+      vulnerabilities which remain unaddressed. Gentoo users are advised to
+      unmerge this package.
+    </p>
+    
+    <code>
+      # emerge --unmerge media-libs/jasper
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000050">
+      CVE-2017-1000050
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13745">CVE-2017-13745</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13746">CVE-2017-13746</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13747">CVE-2017-13747</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13748">CVE-2017-13748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13749">CVE-2017-13749</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13750">CVE-2017-13750</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13751">CVE-2017-13751</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13752">CVE-2017-13752</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13753">CVE-2017-13753</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14132">CVE-2017-14132</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14229">CVE-2017-14229</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14232">CVE-2017-14232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5503">CVE-2017-5503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5504">CVE-2017-5504</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5505">CVE-2017-5505</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6851">CVE-2017-6851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-6852">CVE-2017-6852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9782">CVE-2017-9782</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18873">CVE-2018-18873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20584">CVE-2018-20584</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9055">CVE-2018-9055</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9154">CVE-2018-9154</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-04T18:37:11Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-09T22:17:32Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-04.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-04.xml
@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-04">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2019-08-09</announced>
+  <revised count="1">2019-08-09</revised>
+  <bug>658066</bug>
+  <bug>689700</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">4.0.14</unaffected>
+      <vulnerable range="lt">4.0.14</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-4.0.14"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11218">CVE-2018-11218</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11219">CVE-2018-11219</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10192">CVE-2019-10192</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10193">CVE-2019-10193</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-03T15:15:24Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-09T20:41:48Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-05.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-05.xml
@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-05">
+  <title>LibVNCServer: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibVNCServer, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libvncserver</product>
+  <announced>2019-08-09</announced>
+  <revised count="1">2019-08-09</revised>
+  <bug>659560</bug>
+  <bug>673508</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libvncserver" auto="yes" arch="*">
+      <unaffected range="ge">0.9.12</unaffected>
+      <vulnerable range="lt">0.9.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibVNCServer/LibVNCClient are cross-platform C libraries that allow you
+      to easily implement VNC server or client functionality in your program.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibVNCServer. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibVNCServer users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libvncserver-0.9.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20019">CVE-2018-20019</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20020">CVE-2018-20020</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20021">CVE-2018-20021</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20022">CVE-2018-20022</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20023">CVE-2018-20023</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20024">CVE-2018-20024</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7225">CVE-2018-7225</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7226">CVE-2018-7226</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-04T18:16:50Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-09T20:45:14Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-06.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-06.xml
@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-06">
+  <title>glibc: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>609386</bug>
+  <bug>635012</bug>
+  <bug>672228</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.28-r4</unaffected>
+      <vulnerable range="lt">2.28-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>glibc is a package that contains the GNU C library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in glibc. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All glibc users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.28-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2015-8985">CVE-2015-8985</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6263">CVE-2016-6263</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19591">CVE-2018-19591</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-03T12:43:48Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:38:53Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-07.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-07.xml
@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-07">
+  <title>KDE KConfig: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerablity has been found in KDE KConfig that could allow a
+    remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">kconfig</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>691858</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-frameworks/kconfig" auto="yes" arch="*">
+      <unaffected range="ge">5.60.0-r1</unaffected>
+      <vulnerable range="lt">5.60.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides an advanced configuration system.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in KDE KConfig’s handling of .desktop
+      and .directory files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could entice a user to execute a specially crafted .desktop
+      or .directory file possibly resulting in execution of arbitrary code with
+      the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All KConfig users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=kde-frameworks/kconfig-5.60.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14744">CVE-2019-14744</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-09T20:56:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:41:03Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-08.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-08.xml
@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-08">
+  <title>CUPS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in CUPS, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">cups</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>660954</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-print/cups" auto="yes" arch="*">
+      <unaffected range="ge">2.2.8</unaffected>
+      <vulnerable range="lt">2.2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>CUPS, the Common Unix Printing System, is a full-featured print server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in CUPS. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All CUPS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-print/cups-2.2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15400">CVE-2017-15400</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4180">CVE-2018-4180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4181">CVE-2018-4181</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4182">CVE-2018-4182</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4183">CVE-2018-4183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6553">CVE-2018-6553</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T20:43:16Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:43:11Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-09.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-09.xml
@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-09">
+  <title>SQLite: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in SQLite, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>684840</bug>
+  <bug>685838</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.28.0</unaffected>
+      <vulnerable range="lt">3.28.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SQLite. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could, by executing arbitrary SQL statements against a
+      vulnerable host, execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.28.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5018">CVE-2019-5018</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9936">CVE-2019-9936</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9937">CVE-2019-9937</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-09T20:49:17Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:45:09Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-10.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-10.xml
@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-10">
+  <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Oracle’s JDK and JRE
+    software suites.
+  </synopsis>
+  <product type="ebuild">oracle,jre,jdk</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>668948</bug>
+  <bug>691336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.8">1.8.0.202</unaffected>
+      <vulnerable range="lt" slot="1.8">1.8.0.202</vulnerable>
+    </package>
+    <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="1.8">1.8.0.202</unaffected>
+      <vulnerable range="lt" slot="1.8">1.8.0.202</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+      Java applications on desktops and servers, as well as in today’s
+      demanding embedded environments. Java offers the rich user interface,
+      performance, versatility, portability, and security that today’s
+      applications require.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE
+      software suites. Please review the CVE identifiers referenced below for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Oracle JDK bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jdk-bin-1.8.0.202:1.8"
+    </code>
+    
+    <p>All Oracle JRE bin users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/oracle-jre-bin-1.8.0.202:1.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13785">CVE-2018-13785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3136">CVE-2018-3136</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3139">CVE-2018-3139</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3149">CVE-2018-3149</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3150">CVE-2018-3150</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3157">CVE-2018-3157</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3169">CVE-2018-3169</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3180">CVE-2018-3180</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3183">CVE-2018-3183</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3209">CVE-2018-3209</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3211">CVE-2018-3211</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3214">CVE-2018-3214</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2602">CVE-2019-2602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2684">CVE-2019-2684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2697">CVE-2019-2697</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2698">CVE-2019-2698</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2699">CVE-2019-2699</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-27T05:36:16Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:48:13Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-11.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-11.xml
@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-11">
+  <title>libarchive: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libarchive, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libarchive</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>631294</bug>
+  <bug>636070</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-arch/libarchive" auto="yes" arch="*">
+      <unaffected range="ge">3.3.3</unaffected>
+      <vulnerable range="lt">3.3.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libarchive is a library for manipulating different streaming archive
+      formats, including certain tar variants, several cpio formats, and both
+      BSD and GNU ar variants.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libarchive. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libarchive users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/libarchive-3.3.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14166">CVE-2017-14166</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14501">CVE-2017-14501</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14502">CVE-2017-14502</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14503">CVE-2017-14503</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T17:06:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:49:48Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-12.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-12.xml
@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-12">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>688332</bug>
+  <bug>690626</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.8.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.8.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11707">CVE-2019-11707</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11708">CVE-2019-11708</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11709">CVE-2019-11709</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11710">CVE-2019-11710</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11711">CVE-2019-11711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11712">CVE-2019-11712</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11713">CVE-2019-11713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11714">CVE-2019-11714</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11715">CVE-2019-11715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11716">CVE-2019-11716</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11717">CVE-2019-11717</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11718">CVE-2019-11718</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11719">CVE-2019-11719</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11720">CVE-2019-11720</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11721">CVE-2019-11721</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11723">CVE-2019-11723</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11724">CVE-2019-11724</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11725">CVE-2019-11725</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11727">CVE-2019-11727</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11728">CVE-2019-11728</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11729">CVE-2019-11729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11730">CVE-2019-11730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9811">CVE-2019-9811</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/">
+      MFSA2019-18
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/">
+      MFSA2019-19
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/">
+      MFSA2019-21
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/">
+      MFSA2019-22
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-06-20T18:12:58Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:52:20Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-13.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-13.xml
@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-13">
+  <title>LibreOffice: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in LibreOffice, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">libreoffice</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>690354</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-office/libreoffice" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.2</unaffected>
+      <vulnerable range="lt">6.2.5.2</vulnerable>
+    </package>
+    <package name="app-office/libreoffice-bin" auto="yes" arch="*">
+      <unaffected range="ge">6.2.5.2</unaffected>
+      <vulnerable range="lt">6.2.5.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>LibreOffice is a powerful office suite; its clean interface and powerful
+      tools let you unleash your creativity and grow your productivity.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in LibreOffice. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All LibreOffice users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-6.2.5.2"
+    </code>
+    
+    <p>All LibreOffice binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-office/libreoffice-bin-6.2.5.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9848">CVE-2019-9848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9849">CVE-2019-9849</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T20:59:28Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:53:38Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-14.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-14.xml
@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-14">
+  <title>polkit: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in polkit, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">polkit</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>661470</bug>
+  <bug>672578</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-auth/polkit" auto="yes" arch="*">
+      <unaffected range="ge">0.115-r2</unaffected>
+      <vulnerable range="lt">0.115-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>polkit is a toolkit for managing policies relating to unprivileged
+      processes communicating with privileged processes.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in polkit. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All polkit users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.115-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1116">CVE-2018-1116</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19788">CVE-2018-19788</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T21:46:16Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:54:53Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-15.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-15.xml
@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-15">
+  <title>ZNC: Privilege escalation</title>
+  <synopsis>A vulnerability in ZNC allows users to escalate privileges.</synopsis>
+  <product type="ebuild">znc</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>688152</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">1.7.4_rc1</unaffected>
+      <vulnerable range="lt">1.7.4_rc1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ZNC is an advanced IRC bouncer.</p>
+  </background>
+  <description>
+    <p>It was discovered that ZNC’s “Modules.cpp” allows remote
+      authenticated non-admin users to escalate privileges.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote authenticated attacker could escalate privileges and
+      subsequently execute arbitrary code or conduct a Denial of Service
+      attack.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.7.4_rc1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12816">CVE-2019-12816</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T22:44:54Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:56:13Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-16.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-16.xml
@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-16">
+  <title>ProFTPD: Remote code execution</title>
+  <synopsis>A vulnerability in ProFTPD could result in the arbitrary execution
+    of code.
+  </synopsis>
+  <product type="ebuild">proftpd</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>690528</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-ftp/proftpd" auto="yes" arch="*">
+      <unaffected range="ge">1.3.6-r5</unaffected>
+      <vulnerable range="lt">1.3.6-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ProFTPD is an advanced and very configurable FTP server.</p>
+  </background>
+  <description>
+    <p>It was discovered that ProFTPD’s “mod_copy” module does not
+      properly restrict privileges for anonymous users.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by anonymously uploading a malicious file, could
+      possibly execute arbitrary code with the privileges of the process, cause
+      a Denial of Service condition or disclose information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ProFTPD users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-ftp/proftpd-1.3.6-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12815">CVE-2019-12815</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T22:56:34Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:57:27Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-17.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-17.xml
@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-17">
+  <title>ZeroMQ: Arbitrary code execution</title>
+  <synopsis>A vulnerability in ZeroMQ might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">zeromq</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>689426</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/zeromq" auto="yes" arch="*">
+      <unaffected range="ge">4.3.2</unaffected>
+      <vulnerable range="lt">4.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Looks like an embeddable networking library but acts like a concurrency
+      framework.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in ZeroMQ.</p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZeroMQ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/zeromq-4.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13132">CVE-2019-13132</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T22:35:49Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T15:58:45Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-18.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-18.xml
@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-18">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">chorme,chromium</product>
+  <announced>2019-08-15</announced>
+  <revised count="2">2019-08-16</revised>
+  <bug>672606</bug>
+  <bug>684238</bug>
+  <bug>684272</bug>
+  <bug>687732</bug>
+  <bug>688072</bug>
+  <bug>689944</bug>
+  <bug>691098</bug>
+  <bug>691682</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">76.0.3809.100</unaffected>
+      <vulnerable range="lt">76.0.3809.100</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">76.0.3809.100</unaffected>
+      <vulnerable range="lt">76.0.3809.100</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the referenced CVE identifiers and Google Chrome
+      Releases for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-76.0.3809.100"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-76.0.3809.100"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5805">CVE-2019-5805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5806">CVE-2019-5806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5807">CVE-2019-5807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5808">CVE-2019-5808</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5809">CVE-2019-5809</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5810">CVE-2019-5810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5811">CVE-2019-5811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5812">CVE-2019-5812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5813">CVE-2019-5813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5814">CVE-2019-5814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5815">CVE-2019-5815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5816">CVE-2019-5816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5817">CVE-2019-5817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5818">CVE-2019-5818</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5819">CVE-2019-5819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5820">CVE-2019-5820</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5821">CVE-2019-5821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5822">CVE-2019-5822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5823">CVE-2019-5823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5828">CVE-2019-5828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5829">CVE-2019-5829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5830">CVE-2019-5830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5831">CVE-2019-5831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5832">CVE-2019-5832</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5833">CVE-2019-5833</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5834">CVE-2019-5834</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5835">CVE-2019-5835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5836">CVE-2019-5836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5837">CVE-2019-5837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5838">CVE-2019-5838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5839">CVE-2019-5839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5840">CVE-2019-5840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5842">CVE-2019-5842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5847">CVE-2019-5847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5848">CVE-2019-5848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5850">CVE-2019-5850</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5851">CVE-2019-5851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5852">CVE-2019-5852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5853">CVE-2019-5853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5854">CVE-2019-5854</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5855">CVE-2019-5855</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5856">CVE-2019-5856</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5857">CVE-2019-5857</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5858">CVE-2019-5858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5859">CVE-2019-5859</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5860">CVE-2019-5860</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5861">CVE-2019-5861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5862">CVE-2019-5862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5863">CVE-2019-5863</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5864">CVE-2019-5864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5865">CVE-2019-5865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5867">CVE-2019-5867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5868">CVE-2019-5868</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17480">CVE-2018-17480</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17481">CVE-2018-17481</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18335">CVE-2018-18335</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18336">CVE-2018-18336</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18337">CVE-2018-18337</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18338">CVE-2018-18338</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18339">CVE-2018-18339</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18340">CVE-2018-18340</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18341">CVE-2018-18341</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18342">CVE-2018-18342</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18343">CVE-2018-18343</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18344">CVE-2018-18344</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18345">CVE-2018-18345</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18346">CVE-2018-18346</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18347">CVE-2018-18347</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18348">CVE-2018-18348</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18349">CVE-2018-18349</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18350">CVE-2018-18350</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18351">CVE-2018-18351</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18352">CVE-2018-18352</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18353">CVE-2018-18353</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18354">CVE-2018-18354</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18355">CVE-2018-18355</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18356">CVE-2018-18356</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18357">CVE-2018-18357</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18358">CVE-2018-18358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18359">CVE-2018-18359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5805">CVE-2019-5805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5806">CVE-2019-5806</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5807">CVE-2019-5807</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5808">CVE-2019-5808</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5809">CVE-2019-5809</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5810">CVE-2019-5810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5811">CVE-2019-5811</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5812">CVE-2019-5812</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5813">CVE-2019-5813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5814">CVE-2019-5814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5815">CVE-2019-5815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5816">CVE-2019-5816</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5817">CVE-2019-5817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5818">CVE-2019-5818</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5819">CVE-2019-5819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5820">CVE-2019-5820</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5821">CVE-2019-5821</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5822">CVE-2019-5822</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5823">CVE-2019-5823</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5828">CVE-2019-5828</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5829">CVE-2019-5829</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5830">CVE-2019-5830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5831">CVE-2019-5831</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5832">CVE-2019-5832</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5833">CVE-2019-5833</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5834">CVE-2019-5834</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5835">CVE-2019-5835</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5836">CVE-2019-5836</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5837">CVE-2019-5837</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5838">CVE-2019-5838</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5839">CVE-2019-5839</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5840">CVE-2019-5840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5842">CVE-2019-5842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5847">CVE-2019-5847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5848">CVE-2019-5848</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5850">CVE-2019-5850</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5851">CVE-2019-5851</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5852">CVE-2019-5852</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5853">CVE-2019-5853</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5854">CVE-2019-5854</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5855">CVE-2019-5855</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5856">CVE-2019-5856</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5857">CVE-2019-5857</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5858">CVE-2019-5858</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5859">CVE-2019-5859</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5860">CVE-2019-5860</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5861">CVE-2019-5861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5862">CVE-2019-5862</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5863">CVE-2019-5863</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5864">CVE-2019-5864</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5865">CVE-2019-5865</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5867">CVE-2019-5867</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5868">CVE-2019-5868</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-27T08:00:47Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-08-16T17:41:13Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-19.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-19.xml
@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-19">
+  <title>GNU Wget: Arbitrary code execution</title>
+  <synopsis>A vulnerability in GNU Wget might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2019-08-15</announced>
+  <revised count="1">2019-08-15</revised>
+  <bug>682994</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.20.3</unaffected>
+      <vulnerable range="lt">1.20.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow was discovered in GNU’s Wget.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.20.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5953">CVE-2019-5953</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-10T20:46:31Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-15T17:51:26Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-20.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-20.xml
@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-20">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2019-08-16</announced>
+  <revised count="1">2019-08-16</revised>
+  <bug>688032</bug>
+  <bug>690664</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.8.0</unaffected>
+      <vulnerable range="lt">60.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-60.8.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-60.8.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11703">CVE-2019-11703</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11704">CVE-2019-11704</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11705">CVE-2019-11705</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11706">CVE-2019-11706</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11709">CVE-2019-11709</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11711">CVE-2019-11711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11712">CVE-2019-11712</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11713">CVE-2019-11713</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11715">CVE-2019-11715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11717">CVE-2019-11717</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11719">CVE-2019-11719</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11729">CVE-2019-11729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11730">CVE-2019-11730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9811">CVE-2019-9811</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-12T23:49:32Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-16T18:20:32Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-21.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-21.xml
@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-21">
+  <title>Adobe Flash Player: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">flash</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>683006</bug>
+  <bug>687894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+      <unaffected range="ge">32.0.0.207</unaffected>
+      <vulnerable range="lt">32.0.0.207</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+      commonly used to provide interactive websites.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process or bypass security restrictions.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-plugins/adobe-flash-32.0.0.207"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7096">CVE-2019-7096</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7108">CVE-2019-7108</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7845">CVE-2019-7845</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-17T15:59:17Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:22:45Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-22.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-22.xml
@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-22">
+  <title>Patch: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Patch, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">patch</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>690136</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-devel/patch" auto="yes" arch="*">
+      <unaffected range="ge">2.7.6-r4</unaffected>
+      <vulnerable range="lt">2.7.6-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Patch takes a patch file containing a difference listing produced by the
+      diff program and applies those differences to one or more original files,
+      producing patched versions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Patch. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could pass a specially crafted diff file to Patch,
+      possibly resulting in a Denial of Service condition or arbitrary code
+      execution.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Patch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/patch-2.7.6-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13636">CVE-2019-13636</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13638">CVE-2019-13638</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-16T21:41:00Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:24:40Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-23.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-23.xml
@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-23">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>688642</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.7</unaffected>
+      <vulnerable range="lt">3.0.7</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to execute a specially crafted
+      media file, could cause a Denial of Service condition or possibly execute
+      arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.7"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12874">CVE-2019-12874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5439">CVE-2019-5439</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-01T21:30:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:26:26Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-24.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-24.xml
@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-24">
+  <title>MariaDB, MySQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in MariaDB and MySQL, the
+    worst of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">mariadb,mysql</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>661500</bug>
+  <bug>670388</bug>
+  <bug>679024</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/mariadb" auto="yes" arch="*">
+      <unaffected range="ge">10.1.38-r1</unaffected>
+      <unaffected range="ge">10.2.22</unaffected>
+      <vulnerable range="lt">10.1.38-r1</vulnerable>
+      <vulnerable range="lt">10.2.22</vulnerable>
+    </package>
+    <package name="dev-db/mysql" auto="yes" arch="*">
+      <unaffected range="ge">5.6.42</unaffected>
+      <unaffected range="ge">5.7.24</unaffected>
+      <vulnerable range="lt">5.6.42</vulnerable>
+      <vulnerable range="lt">5.7.24</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a
+      popular multi-threaded, multi-user SQL server. MySQL is a popular
+      multi-threaded, multi-user SQL server
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in MariaDB and MySQL.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All MariaDB 10.1.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.1.38-r1"
+    </code>
+    
+    <p>All MariaDB 10.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.2.22"
+    </code>
+    
+    <p>All MySQL 5.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.42"
+    </code>
+    
+    <p>All MySQL 5.7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.7.24"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2755">CVE-2018-2755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2759">CVE-2018-2759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2761">CVE-2018-2761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2766">CVE-2018-2766</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2771">CVE-2018-2771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2777">CVE-2018-2777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2781">CVE-2018-2781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2782">CVE-2018-2782</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2784">CVE-2018-2784</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2786">CVE-2018-2786</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2787">CVE-2018-2787</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2810">CVE-2018-2810</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2813">CVE-2018-2813</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2817">CVE-2018-2817</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2819">CVE-2018-2819</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3143">CVE-2018-3143</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3156">CVE-2018-3156</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3162">CVE-2018-3162</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3173">CVE-2018-3173</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3174">CVE-2018-3174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3185">CVE-2018-3185</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3200">CVE-2018-3200</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3251">CVE-2018-3251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3252">CVE-2018-3252</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3277">CVE-2018-3277</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3282">CVE-2018-3282</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3284">CVE-2018-3284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2510">CVE-2019-2510</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2529">CVE-2019-2529</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2537">CVE-2019-2537</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-12T23:27:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:28:58Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-25.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-25.xml
@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-25">
+  <title>hostapd and wpa_supplicant: Denial of Service</title>
+  <synopsis>A vulnerability in hostapd and wpa_supplicant could lead to a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">wpa_supplicant</product>
+  <announced>2019-08-18</announced>
+  <revised count="1">2019-08-18</revised>
+  <bug>685860</bug>
+  <bug>688588</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-wireless/hostapd" auto="yes" arch="*">
+      <unaffected range="ge">2.8</unaffected>
+      <vulnerable range="lt">2.8</vulnerable>
+    </package>
+    <package name="net-wireless/wpa_supplicant" auto="yes" arch="*">
+      <unaffected range="ge">2.8</unaffected>
+      <vulnerable range="lt">2.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE
+      802.11i / RSN).
+    </p>
+    
+    <p>hostapd is a user space daemon for access point and authentication
+      servers.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in hostapd’s and wpa_supplicant’s
+      eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c files.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All hostapd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/hostapd-2.8"
+    </code>
+    
+    <p>All wpa_supplicant users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-wireless/wpa_supplicant-2.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11555">CVE-2019-11555</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-08-11T00:58:42Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-08-18T02:31:07Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@ -1 +1 @@
-Sat, 03 Aug 2019 15:08:59 +0000
+Sat, 24 Aug 2019 03:38:54 +0000
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@ -1 +1 @@
-0228c86b4f0e69207e66dbe5822dd7411fb99b01 1564831599 2019-08-03T11:26:39+00:00
+55b0fff2f98b275d6a6bcaf8e12164157936324c 1566095478 2019-08-18T02:31:18+00:00