ubuntu-docker-images team mailing list archive

Thread
Date

Re: postgres contains outdated Ubuntu packages

To: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
From: Valentin Viennot <valentin.viennot@xxxxxxxxxxxxx>
Date: Tue, 31 May 2022 16:33:44 -0000
Cc: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>, rocks@xxxxxxxxxxxxx
In-reply-to: <YpYKfkDqkoa9soJb@pollux>

Makes sense! Thanks for the clarifications & quick response :)

Valentin

> On 31 May 2022, at 14:30, Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx> wrote:
> 
> On Tue, May 31, 2022 at 01:30:02PM +0200, Valentin Viennot wrote:
>> Are we (and if not, how could we be) redirecting these alerts to the teams
>> now in control? (or is the handover still going on?)
> 
> Hi!
> 
> The handover process is still in progress.
> 
> These last few security alerts were not being emailed to us due to some
> issue in their infra. Emilia contacted Sergio and I a few days ago and
> Sergio handled these rebuilds. Later, in the same day, all these emails
> started being dispatched.
> 
>> 
>> On Fri, May 27, 2022 at 7:23 AM <security-team-toolbox-bot@xxxxxxxxxxxxx>
>> wrote:
>> 
>>> A scan of this rock shows that it was built with packages from the Ubuntu
>>> archive that have since received security updates. The following lists new
>>> USNs for affected binary packages in each rock revision:
>>> 
>>> Revision r034d38231599 (amd64; channels: 12-20.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision r122308f39e56 (ppc64le; channels: edge, latest, 14-22.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision r16bc0f22db12 (ppc64le; channels: 14-22.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision r1c1b687ed15e (s390x; channels: 12-20.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision r2f44035cfbcc (amd64; channels: 13-21.10_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision r3a99d23edf98 (arm64; channels: 12-20.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision r400e4091f9d7 (s390x; channels: 13-21.10_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision r7244b0dd984b (arm64; channels: 14-22.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision r7451f0775c0c (amd64; channels: 13-21.10_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision r801c16beffbd (arm64; channels: edge, latest, 14-22.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision r8de013735779 (ppc64le; channels: 13-21.10_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision rb163471d195b (arm64; channels: 13-21.10_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision rbcd60292c030 (ppc64le; channels: 12-20.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rc11d79bb78a3 (amd64; channels: 12-20.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rc38c34abcba1 (arm64; channels: 13-21.10_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rcda38686e7fa (arm64; channels: 12-20.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision rd413aea10325 (ppc64le; channels: 13-21.10_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rdb1ecfaca58b (s390x; channels: 13-21.10_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rdfe9cc14fc01 (ppc64le; channels: 12-20.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision rf0b7dcc3088c (amd64; channels: 14-22.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Revision rf16ae2244f7a (s390x; channels: edge, latest, 14-22.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rf7dd1b5107af (amd64; channels: edge, latest, 14-22.04_beta)
>>> * dpkg: 5446-1
>>> 
>>> Revision rfec4705ef966 (s390x; channels: 14-22.04_edge)
>>> * dpkg: 5446-1
>>> 
>>> Simply rebuilding the rock will pull in the new security updates and
>>> resolve this. If your rock also contains vendored code, now might be a
>>> good time to review it for any needed updates.
>>> 
>>> Thank you for your rock and for attending to this matter.
>>> 
>>> References:
>>> * https://ubuntu.com/security/notices/USN-5446-1/
>>> 
> 
> -- 
> Athos Ribeiro

References

postgres contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-05-27
Re: postgres contains outdated Ubuntu packages
From: Valentin Viennot, 2022-05-31
Re: postgres contains outdated Ubuntu packages
From: Athos Ribeiro, 2022-05-31