ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Tue, Mar 15, 2022 at 10:09:55PM -0700, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r02838fb0d3e4 (s390x; channels: 12-20.04_beta, 12-20.04_edge)
> * libssl1.1: 5328-1
> * openssl: 5328-1
> * tar: 5329-1
>
> Revision r0649be2549a7 (amd64; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libssl1.1: 5328-1
> * openssl: 5328-1
>
> Revision r31de676522d8 (arm64; channels: 12-20.04_beta, 12-20.04_edge)
> * libssl1.1: 5328-1
> * openssl: 5328-1
> * tar: 5329-1
>
> Revision r6ffbb3889e26 (ppc64le; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libssl1.1: 5328-1
> * openssl: 5328-1
>
> Revision r78056c8e623c (arm64; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libssl1.1: 5328-1
> * openssl: 5328-1
>
> Revision r7cabae003446 (ppc64le; channels: 12-20.04_beta, 12-20.04_edge)
> * libssl1.1: 5328-1
> * openssl: 5328-1
> * tar: 5329-1
>
> Revision rab22f1f0401d (amd64; channels: 12-20.04_beta, 12-20.04_edge)
> * libssl1.1: 5328-1
> * openssl: 5328-1
> * tar: 5329-1
>
> Revision rc99bd4e7172f (s390x; channels: edge, 13-21.10_edge, 13-21.10_beta, latest)
> * libssl1.1: 5328-1
> * openssl: 5328-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5328-1/
> * https://ubuntu.com/security/notices/USN-5329-1/

These have been rebuilt and retagged.

--
Athos Ribeiro