portage-stable/metadata: Monthly GLSA metadata updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: Flatcar Buildbot

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,24 +1,24 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 606828 BLAKE2B a1b451cbd8b97fba48dcbcc329e204f935247276d40c90ac4cbfb608d79ab2e992895b94ff858963121d1134b508c59270174e7bcdaf0344859da3443b02f1b8 SHA512 7cf2f0457c87986d719605bc843f16fb1b58e94af8217c0a3cfc1d3b7a854459cdf2ac652b4f9271da08b81922bfb4c73aa18e4836c21288bc5adf2c59450d36
-TIMESTAMP 2026-03-01T06:12:18Z
+MANIFEST Manifest.files.gz 606986 BLAKE2B a1a7c8f65fa2d227109ddc598ecd792925cbf4dd59fd721d0e3d30d2ca2d680abe6f48efd8c7f747286a8b9b83dd77ab08effbd12fd5cff7aea22ff05b4b3249 SHA512 1d46d342b6898d53ef6e234a4ca25659b7a64373067f8d911b4a7efe73a227178e519cb54901fc15172d8a4113aeafaf14390ce5e552d1e17e50d3297a8f0701
+TIMESTAMP 2026-04-01T07:08:01Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKvBAEBCgCZFiEE4dartjv8+0ugL98c7FkO6skYklAFAmmj2MIbFIAAAAAABAAO
+iQKvBAEBCgCZFiEE4dartjv8+0ugL98c7FkO6skYklAFAmnMxFEbFIAAAAAABAAO
 bWFudTIsMi41KzEuMTEsMiwyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25z
 Lm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMUQ2QUJCNjNCRkNGQjRCQTAyRkRG
-MUNFQzU5MEVFQUM5MTg5MjUwAAoJEOxZDurJGJJQDrkQAJVOtRLLR09Bs6ZPpXx+
-qjIgr/8v/Ny7QEXtnOfloVvsWyD0BrEMfS70lY5AD5Y8UKJWbRyqmiQaz7bIwqVR
-qZiG1I3IJeDLTgS8Rj0EHBtGhIzlZCUuKRzozzet7shom2V5auOzKlFO5wHw/zVK
-9QCbLOzsNk4yKIDEmt6ze5VFsB0HItwSk1IRBdmEE+f7swqe/iqwetdX1+aoCZQA
-RASTPpnw2wwAcWVaWoghBrGQB+1YUExW1Rnbvhb/jH2B512SRxKYo7QYt0y3PWZt
-UloEMAfITAXOvpMde3cl7c59Pt6euRPUpddwF7SQ1R1Brmuq+hiI4qi9+3kgN3G8
-mZnmcyclX5HkW9O7kIpCgBkgNmI1TSbJc8gpy8H8aZD/jqKaNTdnCIk82URFpVuA
-o68q2MfT2Fy0vQ4aE/FUb2cxXU77/GFHOZlhL3c7COSAYHLlMeXauoF3k3Pdwxgr
-zKK7/pMBczspKh+/4zGpAkJ0Lq9OPxQyo5H4alP74McR2jadRzCpx6wR/b3TEOiq
-wiFQ1IiABOkYniItRp2m6idx3TmYe609/838W0+TdlCeMznTir6QvEJvqfAcB8I6
-ngElyGqGmmxYujZWXdLK3Yx/g41hdOSTx16Gm43jSfKbkb5iFCnSGXHyUMkBRXry
-q1+EzlCr3AUo+YRkA4/QVUdr
-=WD7f
+MUNFQzU5MEVFQUM5MTg5MjUwAAoJEOxZDurJGJJQCCMQAJqLP7jt/MtqrWUu66/N
+g4C4QYQY65p5tHkq6lFs/X24MeAtuRUgKbaOQm02KZJNb61bvZBdgtNE8P14qWJX
+LtJ8hqYOJiDT3hDhnL5Z+UbjIxDdn6m2udztvXvdkgRiQEUnhaTv8BpeOwvdGnZ4
+nswP+jJ5hMK4tYuMFy96jO39jKAbKo4HNYQCW8CJe4/HRSboXe20Z+N74xqq5M2e
+aajm7K7adRALxIYM2Ih3V64LfVsPn31TzMfXaFk0y4p3f82uZ/hTophDZIdePR0M
+a1hkcQRPdHOmbVftt3llye5XoSmq0d+Pie7axQUJVwlFd+gORzNqvK3U+9PeeKjB
+FU6wU1vmR2mlIE90prbdDKPkoNhOnn9CVLHRHYl0M8WLh4TATrDl0HcUbEOrE/CC
+vay9V4s+lABWZh2D/BToIrWUs0UMpWtt/5e5ZANrECj7T5ExWngHY7zCCDn1dySw
+Poabc3KIQlBzmstxNBqTUIvxdaxhvF+Hh7Fj4Grzzmsgio76mBhQLUF2ML8vquVe
+ipeNd0fnGIWUN6eGdC6BZ73wVC66r53bSjHPMa+N6KyCgmHbGP/HCE0GuUvnKtBc
+joBONGhatuZEM3zLIMLLxHg4cMYVEF2vA19Mh89OhYQDlIbEf5Bc/LpPYOtN3LdD
+vHcXTmn2vbBiAIieKmqm6Elk
+=iTBC
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202603-01">
+    <title>Exiv2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Exiv2, the worst of which can lead to a crash via Denial of Service.</synopsis>
+    <product type="ebuild">exiv2</product>
+    <announced>2026-03-09</announced>
+    <revised count="1">2026-03-09</revised>
+    <bug>942164</bug>
+    <bug>970828</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-gfx/exiv2" auto="yes" arch="*">
+            <unaffected range="ge">0.28.8</unaffected>
+            <vulnerable range="lt">0.28.8</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images.</p>
+    </background>
+    <description>
+        <p>The following vulnerabilities have been discovered in Exiv2: 2 out of bounds reads, an integer overflow, and an uncaught exception. The worst of which can lead to a Denial of Service via a crash of the program. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>The following is a possible outcome: data leakage via an out-of-bounds read or a Denial of Service via a crash of the program.</p>
+    </impact>
+    <workaround>
+        <p>Avoid using the CLI tool, exiv2, with untrusted files.</p>
+    </workaround>
+    <resolution>
+        <p>All Exiv2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.8"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-39695">CVE-2024-39695</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2026-25884">CVE-2026-25884</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2026-27596">CVE-2026-27596</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2026-27631">CVE-2026-27631</uri>
+        <uri>GHSA-3wgv-fg4w-75x7</uri>
+        <uri>GHSA-9mxq-4j5g-5wrp</uri>
+        <uri>GHSA-p2pw-7935-c73j</uri>
+    </references>
+    <metadata tag="requester" timestamp="2026-03-09T04:10:31.620785Z">csfore</metadata>
+    <metadata tag="submitter" timestamp="2026-03-09T04:10:31.624902Z">csfore</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202603-01.xml

@@ -1 +1 @@
-Sun, 01 Mar 2026 06:12:15 +0000
+Wed, 01 Apr 2026 07:08:00 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-371ee63aaee87b60a1f5a63de7d230d6598a20c8 1769423604 2026-01-26T10:33:24Z
+d2078931cc4cb1c6d04130dacbed885a7d2bf71c 1773030064 2026-03-09T04:21:04Z