bump(metadata/glsa): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 429647 BLAKE2B a411cce710ab8dd39a655bd0e0cc190fbcae6f53119ffd89cae0be474bd52b18b9f669c37dc08ddc9e6dc2a29bf677b9015df98cc57c2d30284d663c0b745fe0 SHA512 727e13fbfd98dfc90a62c0a63c29d8331a6b94e4b42d913790e4a78f814e95d07a616b3b426612b6bfed54ee01f6b9889ca7c2f42345120b9b84f4679ebf482d
+MANIFEST Manifest.files.gz 431078 BLAKE2B a37fcfee71256f9d40f60594c0e23daa5c659172c73db4acde25cfdd707e9c953c72c601225f03add857a3a4cd00dd0e4d133ce2a5780bc2e304faaa458a4319 SHA512 34e61d1ae19c99e2490f0ce5a8c731b8cbbf25f056f7432c3433599c2ba70347a4dc032b240a0b1d37227f95691c4c78e3d496bae3d66dff4167de8de8693f5d
-TIMESTAMP 2018-11-01T14:08:44Z
+TIMESTAMP 2018-11-12T21:41:01Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvbCO1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvp821fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klA5CQ/+Pvm8ev0pfBO6Cs4RoX5CuI2J+zoJXpLwjZyyZ2tCQDQNf7yulp4XfHZa
+klCqzA//c9fvRf/RTHzIgWQ7SuyQup6hBsjHpjvDHJX3AWss4iZsh0SE/Ka5m2Fs
-QRgepSNvJQ9eYgdc2vTxgmXWqw21ARlJw2CK1Zckrvh0Q0eHWTcnWVQj/IKHa8TT
+279zcIezkq3wP3LE1EBO3+849DDMV0ochAQaqoD5bSdRz2/lFiVlUHX5XVh26c9d
-O4NIri0EMV6cEdUz5XCKDZrOffBPfl+uE5WI33SosM+YKZEYnFT0zBPJmFZysxSM
+Moo8u/5utKYPn3wLSaf4wNHsOWjXpzxrGnLl+jnHPPKf0or28e+ffxfw7buQwPf3
-O9T/IiiRrk5rvP+0P8SVnCewmtm3Tw5lhyMU39yHnznY3klFAI4t8G0Di1wpIJ2N
+z6ilfd4iR1PhCU67uaJyM7sYrJ+oB8qMW5/HDRVqlTufjUmRnlmQH2cFBl4aTXCy
-lRhOITHi2cf/koGIcOCuroplkfvUkHWnssOnLD6wF3SPoC+aUFx9ErzidftUkO+C
+QHNYMS4xLObnTfGGmoAs+S59JE/9lCzVS2B503BbzagyNVpLUHQ717TunM892Ycl
-nExOq7l1x0vu32bRxBVIDZCp3pWo3nkgk+F+kTi9Cbv+8nlbv8oEnmAl+CDHDh+J
+7jz0+U+Ay/XFBldEHBEqFyRQPWnjiBjpsZPYYvXquPiHAGeILPvqzXE6k9LxLE0j
-UHF+P4u50VA/GIrulWH7LEqlhJQWMfUXxQEhcb/KZJmj7X2KMmGFGYVibIvnUVqJ
+j4iceMdaLPeAQ0BGVVcECKyHPhXFCKn/ZtB0B7JrpVtPBIkCl9KzGFehJuN62mvu
-eEd84auxv3XtKMPIxIiv8y7kiqd09iFIoKkcM4FVSrEOiVFucRjpnIOn5mCOtych
+KKaOisQvwS7k2mgFJaDde/2JNl21rOMdSJbGHZi607GW11pY5comT32Q7EGfpwFp
-cV4eM87C+JERmcqKoVCxm/QtWJON5w97U/MoiOc7iMs4jStR6YoMk5Wtig9JNRaI
++An0unYAJM5fEv79ogzQS8u33sg5/SPugjjfyfAI0tX5htpnsER/nOBDWOorhALD
-90H7+DHyzDoznXi1Rlo8U9ANh1jTXaBk6YaoGIxEKMsT8GVRRMCfCGKMpyJWk1+1
+h++pDaGiDtz0OO4JrbhhZh6FepdzAFaepysepYtj3M9RVy/BDNHhuC2vbnZ6R7U+
-UHZU3ahSMWXVGCNytJopG4qDRnHGsYFqZjEXcGCwQvQv/hnlB9U=
+A5hLUdAtMS+hmsJjI9/+28jKKzU7NzTOyA/ZygtbIk9/GB7mfhE=
-=Zg1g
+=3U/S
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-01.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-01">
+  <title>X.Org X11 library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.Org X11 library, the
+    worst of which could allow for remote code execution.
+  </synopsis>
+  <product type="ebuild">libX11</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>664184</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/libX11" auto="yes" arch="*">
+      <unaffected range="ge">1.6.6</unaffected>
+      <vulnerable range="lt">1.6.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+      provides the X11 protocol library files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.Org X11 library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to connect to a malicious server,
+      could cause the execution of arbitrary code with the privileges of the
+      process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.Org X11 library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.6.6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14598">CVE-2018-14598</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14599">CVE-2018-14599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14600">CVE-2018-14600</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-24T03:54:14Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:23:32Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-02.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-02">
+  <title>Python: Buffer overflow</title>
+  <synopsis>A buffer overflow in Python might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">Python</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>647862</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/python" auto="yes" arch="*">
+      <unaffected range="ge">2.7.15</unaffected>
+      <vulnerable range="lt">2.7.15</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Python is an interpreted, interactive, object-oriented programming
+      language.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow vulnerability have been discovered in Python. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, in special situations such as function as a service,
+      could violate a trust boundary and cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Python users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000030">
+      CVE-2018-1000030
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-16T02:38:25Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:24:00Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-03.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-03">
+  <title>OpenSSL: Denial of Service</title>
+  <synopsis>A vulnerability in OpenSSL might allow remote attackers to cause a
+    Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>663654</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.0.2o-r6</unaffected>
+      <vulnerable range="lt">1.0.2o-r6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+      purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that OpenSSL allow malicious servers to send very
+      large primes to a client during DH(E) based TLS handshakes.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending large prime to client during DH(E) TLS
+      handshake, could possibly cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2o-r6"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0732">CVE-2018-0732</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-08T02:56:32Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:24:28Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-04.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-04">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2018-11-09</announced>
+  <revised count="1">2018-11-09</revised>
+  <bug>669430</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">60.3.0</unaffected>
+      <vulnerable range="lt">60.3.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">60.3.0</unaffected>
+      <vulnerable range="lt">60.3.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, bypass
+      access restriction, access otherwise protected information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.3.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.3.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12389">CVE-2018-12389</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12390">CVE-2018-12390</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12392">CVE-2018-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12393">CVE-2018-12393</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12395">CVE-2018-12395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12396">CVE-2018-12396</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12397">CVE-2018-12397</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/">
+      Mozilla Foundation Security Advisory 2018-27
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-31T21:42:48Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-09T00:25:06Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-05.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-05">
+  <title>PHProjekt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PHProjekt due to
+    embedded Zend Framework, the worst of which could allow attackers to
+    remotely execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">PHProjekt</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>650936</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apps/phprojekt" auto="yes" arch="*">
+      <vulnerable range="le">6.1.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PHProjekt is an application suite that supports communication and
+      management of teams and companies.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PHProjekt due to
+      embedded Zend Framework. Please review the GLSA identifiers referenced
+      below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary commands or conduct SQL
+      injection attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for PHProjekt and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "www-apps/phprojekt"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://security.gentoo.org/glsa/201804-10">GLSA 201804-10</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-10T16:56:26Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:10:47Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-06.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-06">
+  <title>libde265: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libde265, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">libde265</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>665520</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libde265" auto="yes" arch="*">
+      <unaffected range="ge">1.0.3</unaffected>
+      <vulnerable range="lt">1.0.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Open h.265 video codec implementation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libde265. Please review
+      libde265 changelog referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted media
+      file using libde265 or linked applications, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libde265 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libde265-1.0.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://github.com/strukturag/libde265/compare/v1.0.2...v1.0.3">
+      libde265 v1.03 Changelog
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-09-21T12:42:46Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:04Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-07.xml

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-07">
+  <title>Pango: Denial of Service</title>
+  <synopsis>A vulnerability in Pango could result in a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">pango</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>664108</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/pango" auto="yes" arch="*">
+      <unaffected range="ge">1.42.4</unaffected>
+      <vulnerable range="lt">1.42.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Library for layout and rendering of internationalized text.</p>
+  </background>
+  <description>
+    <p>Processing certain invalid Emoji sequences in a GTK+ application can
+      trigger a reachable assertion resulting in an application crash.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could provide a specially crafted Emoji sequences,
+      possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pango users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15120">CVE-2018-15120</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-08-30T12:31:14Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:22Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-08.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-08">
+  <title>Okular: Directory traversal</title>
+  <synopsis>Okular is vulnerable to a directory traversal attack.</synopsis>
+  <product type="ebuild">Okular</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>665662</bug>
+  <access>remote</access>
+  <affected>
+    <package name="kde-apps/okular" auto="yes" arch="*">
+      <unaffected range="ge">18.04.3-r1</unaffected>
+      <vulnerable range="lt">18.04.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Okular is a universal document viewer based on KPDF for KDE 4.</p>
+  </background>
+  <description>
+    <p>It was discovered that Okular contains a Directory Traversal
+      vulnerability in function unpackDocumentArchive() in core/document.cpp.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted Okular
+      archive, possibly allowing the writing of arbitrary files with the
+      privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Okular users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/okular-18.04.3-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000801">
+      CVE-2018-1000801
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-10-09T10:06:04Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:36Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-09.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-09">
+  <title>Icecast: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Icecast might allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">Icecast</product>
+  <announced>2018-11-10</announced>
+  <revised count="1">2018-11-10</revised>
+  <bug>670148</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/icecast" auto="yes" arch="*">
+      <unaffected range="ge">2.4.4</unaffected>
+      <vulnerable range="lt">2.4.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Icecast is an open source alternative to SHOUTcast that supports MP3,
+      OGG (Vorbis/Theora) and AAC streaming.
+    </p>
+  </background>
+  <description>
+    <p>Multiple buffer overflows have been discovered in Icecast. Please review
+      the CVE identifier referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by sending a specially crafted request using
+      authentication type “url”, could possibly execute arbitrary code with
+      the privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Icecast users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/icecast-2.4.4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18820">CVE-2018-18820</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-11-08T14:07:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-11-10T00:11:51Z">whissi</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Thu, 01 Nov 2018 14:08:41 +0000
+Mon, 12 Nov 2018 21:40:58 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-3fe134c9c609fe0fa952396df0dd91b901ef64de 1540938926 2018-10-30T22:35:26+00:00
+d0ed5c4d9d5a03355ab534b5784906e0956ea022 1541809004 2018-11-10T00:16:44+00:00