Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Monthly GLSA metadata 2024-07-01 #2069

Merged
merged 2 commits into from
Jul 22, 2024

Conversation

flatcar-infra
Copy link

Updated GLSA metadata

@dongsupark
Copy link
Member

CI failed like:

2024-07-05T12:41:31.8657301Z This system is affected by the following GLSAs:
2024-07-05T12:41:31.9458858Z 202407-05
2024-07-05T12:41:31.9459192Z 202406-01

We can skip 202407-05, as sssd of Flatcar already has a custom patch for CVE-2021-3621.

However, we should resolve 202406-01, glib 2.78.6. The update is already in progress in #2070.

Copy link

github-actions bot commented Jul 8, 2024

@dongsupark dongsupark force-pushed the buildbot/monthly-glsa-metadata-updates-2024-07-01 branch from b4d12b4 to 153bcdc Compare July 16, 2024 10:50
Flatcar Buildbot and others added 2 commits July 17, 2024 09:41
Add GLSA 202407-05 to allowlist, because ebuild of sys-auth/sssd already
has a custom patch to fix CVE-2021-3621.
@dongsupark dongsupark force-pushed the buildbot/monthly-glsa-metadata-updates-2024-07-01 branch from 153bcdc to ea7ca34 Compare July 17, 2024 07:41
@dongsupark dongsupark requested a review from a team July 18, 2024 13:54
@dongsupark
Copy link
Member

CI passed, except for arm64 test issues that are not relevant.

Copy link
Contributor

@tormath1 tormath1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are we supposed to review here? If the CI is green, I would say to go ahead.

@dongsupark dongsupark merged commit 29f7c25 into main Jul 22, 2024
6 of 8 checks passed
@dongsupark dongsupark deleted the buildbot/monthly-glsa-metadata-updates-2024-07-01 branch July 22, 2024 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Development

Successfully merging this pull request may close these issues.

3 participants