A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r078ee8a1e390 (amd64; channels: 4.10-20.04_edge, 4.10-20.04_beta)
* libexpat1: 5638-3
Revision r2310dcf07c2a (ppc64le; channels: 5.2-22.04_beta, 5.2-22.04_edge)
* libexpat1: 5638-3
Revision r3613d88c558f (ppc64le; channels: 4.10-20.04_edge, 4.10-20.04_beta)
* libexpat1: 5638-3
Revision r6c51e0fb4c45 (amd64; channels: 5.2-22.04_beta, 5.2-22.04_edge)
* libexpat1: 5638-3
Revision r8aa1c76c6da9 (s390x; channels: 4.10-20.04_edge, 4.10-20.04_beta)
* libexpat1: 5638-3
Revision r91708ec5ab86 (s390x; channels: 5.2-22.04_beta, 5.2-22.04_edge)
* libexpat1: 5638-3
Revision r9a6e912c8dc8 (arm64; channels: 4.10-20.04_edge, 4.10-20.04_beta)
* libexpat1: 5638-3
Revision recf2a767cffe (arm64; channels: 5.2-22.04_beta, 5.2-22.04_edge)
* libexpat1: 5638-3
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5638-3/
