ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Tue, Mar 21, 2023 at 05:07:14AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r119672d6ae17 (s390x; channels: 2.4-22.04_beta, 2.4-22.04_edge)
> * libcurl4: 5964-1
>
> Revision r1686fac7e40e (amd64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
> * libcurl4: 5964-1
>
> Revision r3028aeccd661 (ppc64le; channels: 2.4-20.04_edge, 2.4-20.04_beta)
> * libcurl4: 5964-1
>
> Revision r5cc8f76dcc25 (amd64; channels: 2.4-22.04_beta, 2.4-22.04_edge)
> * libcurl4: 5964-1
>
> Revision r64041dc6cd0c (s390x; channels: 2.4-22.10_edge, 2.4-22.10_beta, edge, latest)
> * libcurl4: 5964-1
>
> Revision r7f9ec3a4ef51 (s390x; channels: 2.4-20.04_edge, 2.4-20.04_beta)
> * libcurl4: 5964-1
>
> Revision r9c49f1a9aae7 (ppc64le; channels: 2.4-22.10_edge, 2.4-22.10_beta, edge, latest)
> * libcurl4: 5964-1
>
> Revision ra3a812d63761 (arm64; channels: 2.4-20.04_edge, 2.4-20.04_beta)
> * libcurl4: 5964-1
>
> Revision rb10228e60647 (amd64; channels: 2.4-22.10_edge, 2.4-22.10_beta, edge, latest)
> * libcurl4: 5964-1
>
> Revision rd6711ec59ab9 (arm64; channels: 2.4-22.10_edge, 2.4-22.10_beta, edge, latest)
> * libcurl4: 5964-1
>
> Revision rdb53f86379ed (arm64; channels: 2.4-22.04_beta, 2.4-22.04_edge)
> * libcurl4: 5964-1
>
> Revision reb4159d90b58 (ppc64le; channels: 2.4-22.04_beta, 2.4-22.04_edge)
> * libcurl4: 5964-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5964-1/

These images were re-built and re-tagged.

--
Athos Ribeiro