ubuntu-docker-images team mailing list archive

[Cristovao Cordeiro <cristovao.cordeiro@xxxxxxxxxxxxx>]

Hi Emilia,

"ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx" is already a recipient, and @Michal
Hucko <michal.hucko@xxxxxxxxxxxxx> and @Maciej Mazur
<maciej.mazur@xxxxxxxxxxxxx> are already part of it. So it should be ok.

On Fri, Mar 17, 2023 at 2:38 PM Emilia Torino <emilia.torino@xxxxxxxxxxxxx>
wrote:

> FYI mlflow is affected by a python USN. By default it was only sent to
> Sergio.
>
> There is a pending review-tools change to set mlflow notifications
> recipients:
> https://git.launchpad.net/review-tools/tree/reviewtools/overrides.py#n1375.
> Should this be set to the same list of people as the existing rocks
> https://git.launchpad.net/review-tools/tree/reviewtools/overrides.py#n1109
> ?
>
> ---------- Forwarded message ---------
> From: <security-team-toolbox-bot@xxxxxxxxxxxxx>
> Date: Fri, Mar 17, 2023 at 2:07 AM
> Subject: mlflow contains outdated Ubuntu packages
> To: <rocks@xxxxxxxxxxxxx>, <sergio.durigan@xxxxxxxxxxxxx>
>
>
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision rb305e23df61d (amd64; channels: 2.1.1_1.0-22.04)
>  * libpython3.10-minimal: 5960-1
>  * libpython3.10-stdlib: 5960-1
>  * python3.10: 5960-1
>  * python3.10-minimal: 5960-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-5960-1/
>


-- 
Cris