A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r1f59e2ffd801 (s390x; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r21ddfa8c3769 (amd64; channels: edge, latest, 2.4-22.04_beta, 2.4-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision r47c4d15ca8ce (amd64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r72c75ba383b9 (arm64; channels: 2.4-21.10_beta, 2.4-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r958242cff04e (ppc64le; channels: edge, latest, 2.4-22.04_beta, 2.4-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision ra2b6b55a0ec0 (ppc64le; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rb53c7ce99941 (ppc64le; channels: 2.4-21.10_beta, 2.4-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rc3e2b04fa128 (amd64; channels: 2.4-21.10_beta, 2.4-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rc746056626fa (s390x; channels: 2.4-21.10_beta, 2.4-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rcef5b1aca32b (s390x; channels: edge, latest, 2.4-22.04_beta, 2.4-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rd1091cbf7af2 (arm64; channels: edge, latest, 2.4-22.04_beta, 2.4-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rf528cf575414 (arm64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5502-1/
* https://ubuntu.com/security/notices/USN-5503-1/
