ubuntu-docker-images team mailing list archive

Thread
Date

Re: redis contains outdated Ubuntu packages

To: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
From: Valentin Viennot <valentin.viennot@xxxxxxxxxxxxx>
Date: Wed, 09 Mar 2022 08:32:04 -0000
Cc: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <YidnCN2M3l2UOwea@pollux>

Thanks, Athos!

Are we now getting these emails on rocks@xxxxxxxxxxxxx? (I might have asked for this! can’t remember)

I like it but would it be possible that these alerts get sent to rocks-crew@xxxxxxxxxxxxxxxxxxx instead?

The rocks@c.c one has a commercial purpose for external inquiries. The rocks-crew@c.c one was just created by Cristovao and is meant to be targeted to the ROCKs engineering team.

Many thanks,
Valentin

> On 8 Mar 2022, at 15:24, Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx> wrote:
> 
> These have been re-built and tagged.
> 
> On Mon, Mar 07, 2022 at 09:11:33PM -0800, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
>> A scan of this rock shows that it was built with packages from the Ubuntu
>> archive that have since received security updates. The following lists new
>> USNs for affected binary packages in each rock revision:
>> 
>> Revision r020cb23bac0f (amd64; channels: 5.0-20.04_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r109b63f79a25 (arm64; channels: 5.0-20.04_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r167268fc8775 (amd64; channels: edge, latest, 6.0-21.10_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r1d6ace7ed4c1 (ppc64le; channels: 5.0-20.04_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r1f8b0d8aab3c (ppc64le; channels: 6.0-21.10_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r230bd3422ccb (ppc64le; channels: edge, latest, 6.0-21.10_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r3f37f341f4c1 (s390x; channels: 5.0-20.04_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r401df1674028 (amd64; channels: 5.0-20.04_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r448d07e3e90a (s390x; channels: edge, latest, 6.0-21.10_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r57204e7ba1c5 (arm64; channels: 5.0-20.04_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision r89f6aa6ad7a0 (amd64; channels: 6.0-21.10_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision ra468a991cc9a (s390x; channels: 5.0-20.04_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision rbbcf652413f8 (arm64; channels: 6.0-21.10_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision rd499000b95b4 (s390x; channels: 6.0-21.10_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision rd4f5f5d9395a (arm64; channels: edge, latest, 6.0-21.10_beta)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Revision rf4f988075a65 (ppc64le; channels: 5.0-20.04_edge)
>> * redis-server: 5316-1
>> * redis-tools: 5316-1
>> 
>> Simply rebuilding the rock will pull in the new security updates and
>> resolve this. If your rock also contains vendored code, now might be a
>> good time to review it for any needed updates.
>> 
>> Thank you for your rock and for attending to this matter.
>> 
>> References:
>> * https://ubuntu.com/security/notices/USN-5316-1/
> 
> -- 
> Athos Ribeiro

Follow ups

Re: redis contains outdated Ubuntu packages
From: Athos Ribeiro, 2022-03-09

References

Re: redis contains outdated Ubuntu packages
From: Athos Ribeiro, 2022-03-08