A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r29deba504c9e (s390x; channels: 1.6-21.10_edge, 1.6-21.10_beta)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r3e64b691a9a8 (arm64; channels: 1.6-21.10_edge, 1.6-21.10_beta)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r48b6a200f72a (amd64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r64b749116ccb (ppc64le; channels: 1.6-21.10_edge, 1.6-21.10_beta)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r8695dbdad3eb (s390x; channels: 1.5-20.04_beta, 1.5-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rb6db4fdd8871 (amd64; channels: 1.6-21.10_edge, 1.6-21.10_beta)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rc3e7f95499f6 (arm64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision re6e2661a240f (s390x; channels: edge, 1.6-22.04_edge, latest, 1.6-22.04_beta)
* gpgv: 5503-1
* libssl3: 5502-1
Revision re97f9b3fa4c2 (amd64; channels: edge, 1.6-22.04_edge, latest, 1.6-22.04_beta)
* gpgv: 5503-1
* libssl3: 5502-1
Revision reb4db6c78cbd (arm64; channels: edge, 1.6-22.04_edge, latest, 1.6-22.04_beta)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rf333a01d90ef (ppc64le; channels: 1.5-20.04_beta, 1.5-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rf67340585d6d (ppc64le; channels: edge, 1.6-22.04_edge, latest, 1.6-22.04_beta)
* gpgv: 5503-1
* libssl3: 5502-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5502-1/
* https://ubuntu.com/security/notices/USN-5503-1/
