ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00155
Re: postgres contains outdated Ubuntu packages
-
To:
ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>
-
Date:
Fri, 04 Mar 2022 05:36:35 -0500
-
In-reply-to:
<621efc09.1c69fb81.4d43.788aSMTPIN_ADDED_MISSING@mx.google.com> (security-team-toolbox-bot@canonical.com's message of "Tue, 01 Mar 2022 21:09:29 -0800 (PST)")
-
User-agent:
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
On Wednesday, March 02 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r2e08047fd6b4 (s390x; channels: 12-20.04_edge, 12-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision r5252605f3628 (arm64; channels: edge, 13-21.10_edge, latest, 13-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision r537e43b4405b (ppc64le; channels: edge, 13-21.10_edge, latest, 13-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision r63430cbc87a8 (arm64; channels: 12-20.04_edge, 12-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision r90611379649d (amd64; channels: 12-20.04_edge, 12-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision ra0d846819c43 (ppc64le; channels: 12-20.04_edge, 12-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision rd2042f85fe88 (s390x; channels: edge, 13-21.10_edge, latest, 13-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Revision rfb8a419f073a (amd64; channels: edge, 13-21.10_edge, latest, 13-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
> * locales: 5310-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5310-1/
On Wednesday, March 02 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r31f0e5271742 (s390x; channels: edge, 8.0-21.10_beta, latest, 8.0-21.10_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r5e13619c74c5 (s390x; channels: 8.0-20.04_beta, 8.0-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r63d6a9f67ad7 (ppc64le; channels: edge, 8.0-21.10_beta, latest, 8.0-21.10_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r96c14459967d (amd64; channels: 8.0-20.04_beta, 8.0-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rb02494bd553c (arm64; channels: 8.0-20.04_beta, 8.0-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rc622b90657f1 (arm64; channels: edge, 8.0-21.10_beta, latest, 8.0-21.10_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rcfdee6c29934 (ppc64le; channels: 8.0-20.04_beta, 8.0-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rd4a2226f64ee (amd64; channels: edge, 8.0-21.10_beta, latest, 8.0-21.10_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5310-1/
On Wednesday, March 02 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r14274d861a42 (ppc64le; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r357996c514bb (ppc64le; channels: edge, 1.6-21.10_edge, latest, 1.6-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r3b732acbe7d9 (s390x; channels: edge, 1.6-21.10_edge, latest, 1.6-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r7ec7be1ecfbc (s390x; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision ra964e25559fd (amd64; channels: edge, 1.6-21.10_edge, latest, 1.6-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rd5919302bf34 (amd64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rd6e184e2fe3f (arm64; channels: edge, 1.6-21.10_edge, latest, 1.6-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rece49be59fe2 (arm64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5310-1/
On Wednesday, March 02 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r0fddcf589af1 (s390x; channels: edge, latest, 2.4-21.10_edge, 2.4-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r1fdf5da3f4f9 (s390x; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r2391085e42d1 (ppc64le; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r2d4f6d1c277b (arm64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rd05dc11bad01 (ppc64le; channels: edge, latest, 2.4-21.10_edge, 2.4-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rd5c20a306d8d (amd64; channels: edge, latest, 2.4-21.10_edge, 2.4-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rda6d3ade8d4e (arm64; channels: edge, latest, 2.4-21.10_edge, 2.4-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision re1bfe550f4fc (amd64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5310-1/
On Wednesday, March 02 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r1d82f0f6f97d (s390x; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r205bb74c7cc8 (amd64; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision r7a2b2cbe0cf3 (ppc64le; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rb521366733aa (arm64; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rc756bcd125a7 (s390x; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rda6c823df28c (amd64; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rf7f79a51a74e (arm64; channels: edge, 1.18-21.10_edge, latest, 1.18-21.10_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Revision rf862fc4271de (ppc64le; channels: 1.18-20.04_edge, 1.18-20.04_beta)
> * libc-bin: 5310-1
> * libc6: 5310-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5310-1/
These have all been rebuilt and retagged.
We're having a problem with the grafana snap for 20.04 (it's currently
FTBFS'ing) but that should be indirectly fixed when we update the snap
to the latest upstream grafana version.
Thanks,
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
