ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Fri, Apr 26, 2024 at 05:14:03AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r090b39e5e349 (s390x; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libnghttp2-14: 6754-1
>
> Revision r15159be62d9f (arm64; channels: 2.4-22.04_beta)
> * libnghttp2-14: 6754-1
>
> Revision r2d73f0c26adc (s390x; channels: 2.4-23.10_beta, edge, latest)
> * libnghttp2-14: 6754-1
>
> Revision r4f0ac2767e92 (amd64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libnghttp2-14: 6754-1
>
> Revision r50d0810b4e2f (amd64; channels: 2.4-22.04_beta)
> * libnghttp2-14: 6754-1
>
> Revision r5a3ad339ad09 (ppc64le; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libnghttp2-14: 6754-1
>
> Revision r5a6a0c44e566 (amd64; channels: 2.4-23.10_beta, edge, latest)
> * libnghttp2-14: 6754-1
>
> Revision r7fb18ca1875c (arm64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
> * libnghttp2-14: 6754-1
>
> Revision r834088802ca7 (s390x; channels: 2.4-22.04_beta)
> * libnghttp2-14: 6754-1
>
> Revision rbe3d31d14613 (ppc64le; channels: 2.4-22.04_beta)
> * libnghttp2-14: 6754-1
>
> Revision rd3e4a65c71e1 (arm64; channels: 2.4-23.10_beta, edge, latest)
> * libnghttp2-14: 6754-1
>
> Revision re9eaadca93de (ppc64le; channels: 2.4-23.10_beta, edge, latest)
> * libnghttp2-14: 6754-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-6754-1/

These images were re-built and re-tagged.

--
Athos Ribeiro