ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00133
Re: cassandra contains outdated Ubuntu packages
-
To:
ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>
-
Date:
Fri, 14 Jan 2022 10:50:34 -0500
-
In-reply-to:
<61dfb426.1c69fb81.1437e.90f5SMTPIN_ADDED_MISSING@mx.google.com> (security-team-toolbox-bot@canonical.com's message of "Wed, 12 Jan 2022 21:09:58 -0800 (PST)")
-
User-agent:
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r069817839b99 (ppc64le; channels: 4.0-21.04_edge, 4.0-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r1b4ee21f1380 (amd64; channels: 4.0-20.04_edge, 4.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r5d5ef51ed7cf (amd64; channels: 4.0-21.04_edge, 4.0-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r66fabb02fc1a (arm64; channels: 4.0-21.10_edge, edge, 4.0-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r6fb8b2bbc16f (arm64; channels: 4.0-21.04_edge, 4.0-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r71509810a1ce (s390x; channels: 4.0-21.10_edge, edge, 4.0-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r85e1c0640643 (ppc64le; channels: 4.0-20.04_edge, 4.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision ra769c84becee (s390x; channels: 4.0-20.04_edge, 4.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rb350fcd1a29f (ppc64le; channels: 4.0-21.10_edge, edge, 4.0-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rbef1f007595b (amd64; channels: 4.0-21.10_edge, edge, 4.0-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rc2ff7ede9745 (arm64; channels: 4.0-20.04_edge, 4.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision reace5def691c (s390x; channels: 4.0-21.04_edge, 4.0-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r0394e0b345f9 (amd64; channels: 13-21.04_beta, 13-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r0af6390d220c (arm64; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r17f4d943072b (s390x; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r26705ef84bac (ppc64le; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r3b003139f6b8 (amd64; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r6f24e6b77efc (amd64; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r7bc86c854b93 (s390x; channels: 13-21.04_beta, 13-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r7f2e83588595 (s390x; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rd22ccb906172 (arm64; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rdc9acd4ea26d (ppc64le; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rddaaee2d8c13 (ppc64le; channels: 13-21.04_beta, 13-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision re70b59dc6d09 (arm64; channels: 13-21.04_beta, 13-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r0c9413d1868b (ppc64le; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r0d3d0a31a029 (amd64; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r11f79e5f0138 (arm64; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r19ec4e729cc3 (ppc64le; channels: 8.0-21.04_beta, 8.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r1c62b8851a1f (s390x; channels: 8.0-21.04_beta, 8.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r1dd6293a228f (amd64; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r22acdbbd6894 (amd64; channels: 8.0-21.04_beta, 8.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r3fcd4c8ba8dd (arm64; channels: 8.0-21.04_beta, 8.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r4fa0c6b2130b (s390x; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r71826539de89 (s390x; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision ra5455538074c (arm64; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rdbee25e83ba0 (ppc64le; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r21b0be943daf (arm64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r2caae7f88a2e (s390x; channels: 1.6-21.04_beta, 1.6-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r4e950d97d2df (amd64; channels: 1.6-21.04_beta, 1.6-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r701fe698fbfc (ppc64le; channels: edge, 1.6-21.10_beta, latest, 1.6-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r77c96d4a4744 (arm64; channels: edge, 1.6-21.10_beta, latest, 1.6-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision ra60cc0ccf67f (ppc64le; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rb00c5b9b0e0e (s390x; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rc04a93f2f4b8 (s390x; channels: edge, 1.6-21.10_beta, latest, 1.6-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rd94cd2de6a0d (amd64; channels: edge, 1.6-21.10_beta, latest, 1.6-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rebb3140efa32 (ppc64le; channels: 1.6-21.04_beta, 1.6-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rebe988d8f561 (arm64; channels: 1.6-21.04_beta, 1.6-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rf8e1c6369bbc (amd64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r26e53b72198f (arm64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r28b3de1dfd2c (amd64; channels: edge, 2.4-21.10_beta, latest, 2.4-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r393f56b00e36 (ppc64le; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r48108735a4d1 (arm64; channels: edge, 2.4-21.10_beta, latest, 2.4-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r591080299abf (ppc64le; channels: 2.4-21.04_edge, 2.4-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r766327292ed6 (ppc64le; channels: edge, 2.4-21.10_beta, latest, 2.4-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r88341cbd6625 (arm64; channels: 2.4-21.04_edge, 2.4-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r990d56419d1e (s390x; channels: 2.4-21.04_edge, 2.4-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r9ce824fb8093 (amd64; channels: 2.4-21.04_edge, 2.4-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision ra7920e2f82b1 (s390x; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rbbcaf6ae72b2 (s390x; channels: edge, 2.4-21.10_beta, latest, 2.4-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rd3abb79b6c14 (amd64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r616834fd886b (ppc64le; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r65023f4d845c (arm64; channels: 1.18-21.04_edge, 1.18-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r68ba6dac5313 (amd64; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r6f6911d149f3 (amd64; channels: 1.18-21.04_edge, 1.18-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r7e942861e6bd (arm64; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r85257b7a55b6 (ppc64le; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r9121ff6d7a2c (ppc64le; channels: 1.18-21.04_edge, 1.18-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rad942dc8de20 (s390x; channels: 1.18-21.04_edge, 1.18-21.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rc6b04a88af35 (amd64; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rdfd2a0e9b7bd (arm64; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rec104066ace1 (s390x; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rec23915de3e7 (s390x; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
On Thursday, January 13 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r03e974cd921e (arm64; channels: 5.0-20.04_beta, 5.0-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r055bc28a77b8 (s390x; channels: edge, 6.0-21.10_beta, latest, 6.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r0eea73e74962 (amd64; channels: 5.0-20.04_beta, 5.0-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r0f14f0096974 (ppc64le; channels: 6.0-21.04_beta, 6.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r2dc7956a237c (amd64; channels: edge, 6.0-21.10_beta, latest, 6.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r3eff4817b566 (arm64; channels: 6.0-21.04_beta, 6.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r5338d22227ec (ppc64le; channels: 5.0-20.04_beta, 5.0-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r69a57c1745a7 (s390x; channels: 6.0-21.04_beta, 6.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r82b79e5985e0 (s390x; channels: 5.0-20.04_beta, 5.0-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rc2ab98b8e35c (arm64; channels: edge, 6.0-21.10_beta, latest, 6.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rccc5a2358992 (ppc64le; channels: edge, 6.0-21.10_beta, latest, 6.0-21.10_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rda45385328be (amd64; channels: 6.0-21.04_beta, 6.0-21.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/
I have rebuilt & retagged everything above.
Thanks,
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
