A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r0c836639c78b (s390x; channels: 1.18-22.04_edge, 1.18-22.04_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision r1395fd138880 (ppc64le; channels: 1.22-22.10_edge, latest, edge, 1.22-22.10_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision r558e5370846f (ppc64le; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libxml2: 5760-1
Revision r89e7011b9d28 (amd64; channels: 1.18-22.04_edge, 1.18-22.04_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision r9911460e8163 (arm64; channels: 1.18-22.04_edge, 1.18-22.04_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision r9f0c389ae2da (s390x; channels: 1.22-22.10_edge, latest, edge, 1.22-22.10_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision rbf7026851c4b (arm64; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libxml2: 5760-1
Revision rc6df7ece5dac (amd64; channels: 1.22-22.10_edge, latest, edge, 1.22-22.10_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision rca27e165ce17 (s390x; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libxml2: 5760-1
Revision rca2debb7baa9 (arm64; channels: 1.22-22.10_edge, latest, edge, 1.22-22.10_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision rcd792da2ba5f (ppc64le; channels: 1.18-22.04_edge, 1.18-22.04_beta)
* libbpf0: 5759-1
* libxml2: 5760-1
Revision rf57aadfcbfb4 (amd64; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libxml2: 5760-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5759-1/
* https://ubuntu.com/security/notices/USN-5760-1/
