ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00499
nginx contains outdated Ubuntu packages
-
To:
rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
security-team-toolbox-bot@xxxxxxxxxxxxx
-
Date:
Wed, 1 Mar 2023 05:07:48 +0000 (UTC)
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r00d8616f3539 (amd64; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r102d617ec03c (arm64; channels: edge, latest, 1.22-22.10_edge, 1.22-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r345ddd164162 (s390x; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r70d559527a77 (amd64; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r82e83d0b81ea (ppc64le; channels: edge, latest, 1.22-22.10_edge, 1.22-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r83ee772fe773 (s390x; channels: edge, latest, 1.22-22.10_edge, 1.22-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r962e7f7be06a (amd64; channels: edge, latest, 1.22-22.10_edge, 1.22-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision ra94fbe3112dd (ppc64le; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision rbc4b6d0298bd (arm64; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision rccf7898029e6 (s390x; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision rda279aaf1060 (arm64; channels: 1.18-20.04_beta, 1.18-20.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Revision rdbe610f0bfe0 (ppc64le; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libgnutls30: 5901-1
* tar: 5900-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5900-1/
* https://ubuntu.com/security/notices/USN-5901-1/
Follow ups
