ubuntu-docker-images team mailing list archive

Thread
Date

Re: apache2 contains outdated Ubuntu packages

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>
Date: Tue, 28 Sep 2021 16:11:47 -0400
In-reply-to: <6152a2fb.1c69fb81.87229.4692SMTPIN_ADDED_MISSING@mx.google.com> (security-team-toolbox-bot@canonical.com's message of "Mon, 27 Sep 2021 22:07:07 -0700 (PDT)")
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

On Tuesday, September 28 2021, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r1a2fcf4f09a7 (s390x; channels: 2.4-21.04_edge, latest, 2.4-21.04_beta, edge)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision r30e2c1139e00 (ppc64le; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision r5595955bd111 (ppc64le; channels: 2.4-21.04_edge, latest, 2.4-21.04_beta, edge)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision radc45eee33cd (arm64; channels: 2.4-21.04_edge, latest, 2.4-21.04_beta, edge)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision rb739f9d99c77 (arm64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision rc106bde9726c (amd64; channels: 2.4-21.04_edge, latest, 2.4-21.04_beta, edge)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision rc4ac7a6c19d3 (s390x; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Revision rd87c4f851fad (amd64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * apache2: 5090-1
>  * apache2-bin: 5090-1
>  * apache2-data: 5090-1
>  * apache2-utils: 5090-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.

apache2 rebuilt & retagged everywhere.

Thanks,

-- 
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0  EB2F 106D A1C8 C3CB BF14