← Back to team overview

ubuntu-docker-images team mailing list archive

  1. ubuntu-docker-images team
  2. Mailing list archive
  3. Message #00010

Re: memcached contains outdated Ubuntu packages

  Thread PreviousDate PreviousThread Next 
Ok so this is what I could do without any review tools code change: the
service sends the email to the publisher
(ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx) and the revision uploader
(sergio.durigan@xxxxxxxxxxxxx) as stated in the store db, so I added
both in my store db creator script which is private. Unfortunately those
fields do not accept a list of addresses so I could not add Athos this
time (but I can add you both to the review-tools override when public)

Also, FYI Alex M and myself are always BCC to these emails as you could
see (snaps and now rocks)

Let me know if you have any further question!

Emi

On 22/4/21 15:40, noreply@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
> 
> Revision r2f395c76001a (amd64; channels: 1.5-20.04_edge, 1.5-20.04_beta)
>  * tar: 4692-1
> 
> Revision r5a1a57b7cd56 (ppc64el; channels: 1.5-20.04_edge)
>  * tar: 4692-1
> 
> Revision r98aa361dac5c (arm64; channels: 1.5-20.04_edge, 1.5-20.04_beta)
>  * tar: 4692-1
> 
> Revision rb3bc22ed6a2b (s390x; channels: 1.5-20.04_edge)
>  * tar: 4692-1
> 
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
> 
> Thank you for your rock and for attending to this matter.
> 
> References:
>  * https://ubuntu.com/security/notices/USN-4692-1/
>

Follow ups

  Thread PreviousDate PreviousThread Next