Merge pull request #727 from dm0-/glsa

bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 442494 BLAKE2B ea6e4d13fed10b9dc7cd8a15d0158e6d9956295e733d9c58e7ad42757e48c466dcbf29b90a95203fa76be9b2ce5c403a61d560e58c77f3a9def96a74982c8d4f SHA512 822a6f67d551562039f8079880b76f65668f36de8582dd99f5fd15f76cc5aad88c83d341fb2a0b1d48467ad0bc300afe2adef18e2b56f85af07a5740e2e3c648
+MANIFEST Manifest.files.gz 442809 BLAKE2B 4b7b795575911222fd7fe1e9f9900ced88b7957d15e08d5881ee7e2c91f556beb375085e3842469d53d9c216f6709039908e138283d8726731c25b7aa33c7861 SHA512 ad93d050cf3a9d3cfb5dbce463c01bff4a31f205a3d2773382f89e603197645720db7bb4b45496d26f019ef9161b89ce5d0e4aacd87f89dff11d9c1126c34c46
-TIMESTAMP 2019-04-23T01:38:53Z
+TIMESTAMP 2019-04-25T12:38:57Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly+bK1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlzBqmFfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBFXBAAmTHnJ+9Kf9ZeiyVnrMWPlcyUFeY0IbrilUWWYRnygvwIYcsHqTOFHVk3
+klBddRAApp+I8/ZRSb23UWFHzE3qFH1Ai+R4R0KWeJjJG/tG3Sv8iLIWaHES/VIz
-Qdz3PW71QVXcK1pObQMIoEoT+3XgYa6gcFmNkyfNni3xHNs1gw+yTr+h8hGcsNl7
+06VSmJfuVZNrvQM/O3e93q/7RIne7Zc6f1Xu+dZ/khadIw+A47t/3CG1n85s9VxA
-AWyODlCZrzLZns9T3ev8UdUPgLpjfPxRMJ76AcAXirxDZIZUo45fd3Lpc8fQ9ZTU
+G8sm6qNjMvfZtkXC/12JyzdkA87RDLkVXO/emVVXlsDomC35qCd6ZhYRpcoCLl/C
-FgPjRuiwONjS6MMNFxoXaoH3fzSKjvLvAgXnnV9ScOy2pVrdXExvCc1LvKxvjb1r
+dLh0UT12lbacJPOby5Q0MSNQgJ+1hFltwZ1ltQ4ATYMpFguX6f0RU1nhYv4E8hM1
-cSoMFJ3RrqVZMCmL5dAQ5Yj5FsYINFrjgWf4d8z/LLx4s8wZ3wc0RsI2Rz2JFVKG
+ABNqLpQbFWhHUxmYgNK5hN7M7SMMgOIYVvpRof4RwNF+kay5JVkTnCDdayErAjkd
-yGstXmE+n0dVkKYfai9ZT4uGQZCjS8/WNXiGShgCzEMR72Dy3GZuwxRijLMclAqs
+0A+aL/zatDXx1HyYjVRh39lKnw7aukQyyNzn6N+jpznsVvb8BJvhsiTl1h46134l
-FqBoz3SQ1Li+WHli2L5AS2FDq+xixlx1dREb/Dn7V5V+Rv5mVgFzcUtVSSjtUklw
+a/RPfS4MwDH9fZHtwraZloR59BUTKYzuKie/pfMIdL/tPTAPqCeCSiDG9PROwIcV
-lggR/RS6ayr4OuHNqslNjOuy6dkncyXK8+17fwskxAKurp9ZHtp263DJ4rA3pkXi
+pz/fC6oXQYf/qZbIJOr6Z8jFE5dp4CSY3ubKEBKWY/NMthZ7z3gmofiUUvNAibzi
-pCCDaqJQs1pOJlfoGp0UKYjrsCMG/QAe/FGhAZoZrgkmttqIm5EHeBRXWnBiOpuG
+1/1hOF0vVhND9yfF7p9mQxbBBO498xfhqSPAGYYct+XgWSVcPWzIm73f7p5kznxM
-YqPjhQ1k1F6g8KR2nVtVt1CmEsxv0uHDSpsdR+iIEfMZ6q7qehsSJf944RneqRVw
+D10IcXPwWsmX4e9iqu1vS1NNmxHH6lNDbLx+uIBDnlZL8rJ0GfMmHgKgBo4v+K8A
-UBxbtACDiOScMl1LH4bUY78obFeZt6nkSLFQDkJ+BnUj12Vqlc8=
+x0SE72Ocl9O0524GhNk0lD9SsxsrRrdcsMj8T9LuSwrxMJIZIFI=
-=tjB4
+=GeEM
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-24.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-24">
+  <title>Ming: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Ming, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">ming</product>
+  <announced>2019-04-24</announced>
+  <revised count="1">2019-04-24</revised>
+  <bug>624712</bug>
+  <bug>626498</bug>
+  <bug>646770</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/ming" auto="yes" arch="*">
+      <unaffected range="ge">0.20181112</unaffected>
+      <vulnerable range="lt">0.20181112</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library for generating Macromedia Flash files.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Ming. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Ming users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/ming-0.20181112"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11728">CVE-2017-11728</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11729">CVE-2017-11729</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11730">CVE-2017-11730</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11731">CVE-2017-11731</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11732">CVE-2017-11732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11733">CVE-2017-11733</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11734">CVE-2017-11734</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9988">CVE-2017-9988</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9989">CVE-2017-9989</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5251">CVE-2018-5251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5294">CVE-2018-5294</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6315">CVE-2018-6315</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6358">CVE-2018-6358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6359">CVE-2018-6359</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-19T01:46:20Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-24T23:57:18Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-25.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-25">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2019-04-24</announced>
+  <revised count="1">2019-04-24</revised>
+  <bug>680834</bug>
+  <bug>681850</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">3.1.0-r4</unaffected>
+      <vulnerable range="lt">3.1.0-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-3.1.0-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20815">CVE-2018-20815</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9824">CVE-2019-9824</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T05:49:31Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-24T23:59:19Z">b-man</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Tue, 23 Apr 2019 01:38:49 +0000
+Thu, 25 Apr 2019 12:38:53 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-76232d72230fb0f05eaefd8d7f5efcf5b14047c1 1555976179 2019-04-22T23:36:19+00:00
+42c9d977ba183a5bc173b70ad145977fc6705eda 1556150376 2019-04-24T23:59:36+00:00