ubuntu-docker-images team mailing list archive

Thread
Date

Re: apache2 contains outdated Ubuntu packages

To: rocks@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>
Date: Thu, 08 Dec 2022 12:25:13 -0500
In-reply-to: <20221208050902.75F8D416F5@security-toolbox.internal> (security-team-toolbox-bot@canonical.com's message of "Thu, 8 Dec 2022 05:09:02 +0000 (UTC)")
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

On Thursday, December 08 2022, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r4d42ce44095b (s390x; channels: 2.4-20.04_edge)
>  * libasn1-8-heimdal: 5766-1
>  * libgssapi3-heimdal: 5766-1
>  * libhcrypto4-heimdal: 5766-1
>  * libheimbase1-heimdal: 5766-1
>  * libheimntlm0-heimdal: 5766-1
>  * libhx509-5-heimdal: 5766-1
>  * libkrb5-26-heimdal: 5766-1
>  * libroken18-heimdal: 5766-1
>  * libwind0-heimdal: 5766-1
>
> Revision r4f845cd995df (arm64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * libasn1-8-heimdal: 5766-1
>  * libgssapi3-heimdal: 5766-1
>  * libhcrypto4-heimdal: 5766-1
>  * libheimbase1-heimdal: 5766-1
>  * libheimntlm0-heimdal: 5766-1
>  * libhx509-5-heimdal: 5766-1
>  * libkrb5-26-heimdal: 5766-1
>  * libroken18-heimdal: 5766-1
>  * libwind0-heimdal: 5766-1
>
> Revision r679c13bbf0bd (amd64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * libasn1-8-heimdal: 5766-1
>  * libgssapi3-heimdal: 5766-1
>  * libhcrypto4-heimdal: 5766-1
>  * libheimbase1-heimdal: 5766-1
>  * libheimntlm0-heimdal: 5766-1
>  * libhx509-5-heimdal: 5766-1
>  * libkrb5-26-heimdal: 5766-1
>  * libroken18-heimdal: 5766-1
>  * libwind0-heimdal: 5766-1
>
> Revision ra9afe1be3c4a (s390x; channels: 2.4-20.04_beta)
>  * libasn1-8-heimdal: 5766-1
>  * libgssapi3-heimdal: 5766-1
>  * libhcrypto4-heimdal: 5766-1
>  * libheimbase1-heimdal: 5766-1
>  * libheimntlm0-heimdal: 5766-1
>  * libhx509-5-heimdal: 5766-1
>  * libkrb5-26-heimdal: 5766-1
>  * libroken18-heimdal: 5766-1
>  * libwind0-heimdal: 5766-1
>
> Revision rc647b7b41bbe (ppc64le; channels: 2.4-20.04_edge, 2.4-20.04_beta)
>  * libasn1-8-heimdal: 5766-1
>  * libgssapi3-heimdal: 5766-1
>  * libhcrypto4-heimdal: 5766-1
>  * libheimbase1-heimdal: 5766-1
>  * libheimntlm0-heimdal: 5766-1
>  * libhx509-5-heimdal: 5766-1
>  * libkrb5-26-heimdal: 5766-1
>  * libroken18-heimdal: 5766-1
>  * libwind0-heimdal: 5766-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-5766-1/

Rebuilt and retagged.

-- 
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0  EB2F 106D A1C8 C3CB BF14

References

apache2 contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-12-08