ubuntu-docker-images team mailing list archive

[Emilia Torino <emilia.torino@xxxxxxxxxxxxx>]

Perfect, thanks!

On Fri, Mar 17, 2023 at 10:58 AM Cristovao Cordeiro <
cristovao.cordeiro@xxxxxxxxxxxxx> wrote:

> Hi Emilia,
>
> "ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx" is already a recipient, and @Michal
> Hucko <michal.hucko@xxxxxxxxxxxxx> and @Maciej Mazur
> <maciej.mazur@xxxxxxxxxxxxx> are already part of it. So it should be ok.
>
> On Fri, Mar 17, 2023 at 2:38 PM Emilia Torino <emilia.torino@xxxxxxxxxxxxx>
> wrote:
>
>> FYI mlflow is affected by a python USN. By default it was only sent to
>> Sergio.
>>
>> There is a pending review-tools change to set mlflow notifications
>> recipients:
>> https://git.launchpad.net/review-tools/tree/reviewtools/overrides.py#n1375.
>> Should this be set to the same list of people as the existing rocks
>> https://git.launchpad.net/review-tools/tree/reviewtools/overrides.py#n1109
>> ?
>>
>> ---------- Forwarded message ---------
>> From: <security-team-toolbox-bot@xxxxxxxxxxxxx>
>> Date: Fri, Mar 17, 2023 at 2:07 AM
>> Subject: mlflow contains outdated Ubuntu packages
>> To: <rocks@xxxxxxxxxxxxx>, <sergio.durigan@xxxxxxxxxxxxx>
>>
>>
>> A scan of this rock shows that it was built with packages from the Ubuntu
>> archive that have since received security updates. The following lists new
>> USNs for affected binary packages in each rock revision:
>>
>> Revision rb305e23df61d (amd64; channels: 2.1.1_1.0-22.04)
>>  * libpython3.10-minimal: 5960-1
>>  * libpython3.10-stdlib: 5960-1
>>  * python3.10: 5960-1
>>  * python3.10-minimal: 5960-1
>>
>> Simply rebuilding the rock will pull in the new security updates and
>> resolve this. If your rock also contains vendored code, now might be a
>> good time to review it for any needed updates.
>>
>> Thank you for your rock and for attending to this matter.
>>
>> References:
>>  * https://ubuntu.com/security/notices/USN-5960-1/
>>
>
>
> --
> Cris
>