ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Wed, Apr 13, 2022 at 10:12:31PM -0700, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r5227358f98a7 (s390x; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision r53d4b15a4e88 (amd64; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision r73f1edd309bb (arm64; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision r913e214675f6 (ppc64le; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision r938e9f6f5cbe (arm64; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision r98719ee5e994 (ppc64le; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision rad8a39767355 (s390x; channels: edge, latest, 8.0-21.10_beta, 8.0-21.10_edge)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Revision rf8cbfe629ec9 (amd64; channels: 8.0-20.04_edge, 8.0-20.04_beta)
> * gzip: 5378-1
> * liblzma5: 5378-2
> * xz-utils: 5378-2
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5378-1/
> * https://ubuntu.com/security/notices/USN-5378-2/

These images have been rebuilt and retagged.

--
Athos Ribeiro