ubuntu-docker-images team mailing list archive

Thread
Date

Fwd: apache2 contains outdated Ubuntu packages

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>
Date: Tue, 22 Jun 2021 12:36:03 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

FWIW, I've rebuilt and retagged the apache2 image because of the
notification below.

-- 
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0  EB2F 106D A1C8 C3CB BF14

--- Begin Message ---

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx

From: noreply@xxxxxxxxxxxxx

Date: Mon, 21 Jun 2021 22:04:51 -0700 (PDT)

Arc-authentication-results: i=1; mx.google.com; spf=neutral (google.com: 162.213.33.205 is neither permitted nor denied by best guess record for domain of noreply@xxxxxxxxxxxxx) smtp.mailfrom=noreply@xxxxxxxxxxxxx

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:from:subject:content-transfer-encoding:mime-version:message-id :date; bh=9f7OnTqD7/8OtqEGd1QIqGm7OGlJAeXfsXc96sJiS+o=; b=Xbq2ynqw3Td2C+DlK8t2Gb5BTeKir/Prf99I/HgYoX8c8Q7WjnKnD3MdbDMQ9ST/Kh JFZIXF1P4wOlevYsR5dWEMdM6VT9FX0YQVAVbTSl8MhWudylBiyDRDSxNEkSewstmoIN d+AlRnpXCf82cVtH9RXGQFhaI5THkwZgBEzq99r820EAnDC3n7u9JGP/6uu8ve03N1ol VqlBTI5FTwtKvupZ+s+DngYMBpK7nhcjKnetN8GzzP0HobeabTy+/RDpacwEWAGch0rT NIj9wmQdd/hLE6BDn3O6V4GLF5XD44srwlr8TjNBLxjxD7PWfssAJhsZmVmNmBdIeVr+ Z5hQ==

Arc-seal: i=1; a=rsa-sha256; t=1624338291; cv=none; d=google.com; s=arc-20160816; b=jotSTb0ONk0idGVKgpijFLgCI3lUnliKB8GAtj4saDe6UxeJTXTCkWc+6e20mLKwnV p7fnRl1ZwZS/qJO1X0HA4HcjNeP5bSaCiGqI6ICJnbfOupWe4OrSjt6aIxLKuDKljJvi F3BVj6SA+z3cVrK4c9lM0sIsl2dAfE89yIQBlCTaCFbPNcam8PgWmRiA4R9sLxp5Eq0r kx8MJPC57CLB8BO0L2QumAfo5ONNQcUo8XznbobrZuSKhe3zkddcouv3EcUZeDP9dO+f Hp2kdocBnzo9fuTEdI8s0DZsMjS3o22Mr/Y8B2fnxYJV4gxA/L5lOcDFY8w1yFmTh8Ji LJeg==

Authentication-results: mx.google.com; spf=neutral (google.com: 162.213.33.205 is neither permitted nor denied by best guess record for domain of noreply@xxxxxxxxxxxxx) smtp.mailfrom=noreply@xxxxxxxxxxxxx

Delivered-to: sergio.durigan@xxxxxxxxxxxxxxxxxxx
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r25a2e0ab7fd8 (arm64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
 * apache2: 4994-1
 * apache2-bin: 4994-1
 * apache2-data: 4994-1
 * apache2-utils: 4994-1

Revision r945c7c6e3e45 (amd64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
 * apache2: 4994-1
 * apache2-bin: 4994-1
 * apache2-data: 4994-1
 * apache2-utils: 4994-1

Revision rab7247c51a48 (s390x; channels: 2.4-20.04_edge, 2.4-20.04_beta)
 * apache2: 4994-1
 * apache2-bin: 4994-1
 * apache2-data: 4994-1
 * apache2-utils: 4994-1

Revision rc439285a767c (ppc64le; channels: 2.4-20.04_edge, 2.4-20.04_beta)
 * apache2: 4994-1
 * apache2-bin: 4994-1
 * apache2-data: 4994-1
 * apache2-utils: 4994-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
 * https://ubuntu.com/security/notices/USN-4994-1/
--- End Message ---