ubuntu-docker-images team mailing list archive

Thread
Date

memcached contains outdated Ubuntu packages

To: rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Fri, 04 Apr 2025 05:19:21 -0000

A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r0354d93df51c (arm64; channels: 1.6-24.10_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision r16f57ee34bed (ppc64le; channels: 1.6-24.10_beta, latest, edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision r26e80d683079 (arm64; channels: 1.6-22.04_edge, 1.6-22.04_beta)
 * gpgv: 7412-1

Revision r33dcf7632be8 (ppc64le; channels: 1.5-20.04_beta, 1.5-20.04_edge)
 * gpgv: 7412-1

Revision r3a46157119f8 (amd64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
 * gpgv: 7412-1

Revision r50f326a2846d (amd64; channels: 1.6-24.04_beta, 1.6-24.04_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision r5d01cb390d6f (s390x; channels: 1.6-24.04_beta, 1.6-24.04_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision r67a9743f4ea2 (ppc64le; channels: 1.6-24.04_beta, 1.6-24.04_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision r6a13ee7350a6 (s390x; channels: 1.5-20.04_beta, 1.5-20.04_edge)
 * gpgv: 7412-1

Revision r8d7d93f24886 (ppc64le; channels: 1.6-22.04_edge, 1.6-22.04_beta)
 * gpgv: 7412-1

Revision rb77f4a358da8 (amd64; channels: 1.6-24.10_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision rb7c2d9e80423 (arm64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
 * gpgv: 7412-1

Revision rbff6c53356ef (amd64; channels: 1.6-22.04_edge, 1.6-22.04_beta)
 * gpgv: 7412-1

Revision rc9626fca8137 (amd64; channels: 1.6-24.10_beta, latest, edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision rce04145abc35 (s390x; channels: 1.6-22.04_edge, 1.6-22.04_beta)
 * gpgv: 7412-1

Revision re50b19b73f21 (ppc64le; channels: 1.6-24.10_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision rf3f538080caa (s390x; channels: 1.6-24.10_beta, latest, edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision rfb736531bcc0 (arm64; channels: 1.6-24.04_beta, 1.6-24.04_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision rfe428b50b346 (arm64; channels: 1.6-24.10_beta, latest, edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Revision rfff6c7a9eba1 (s390x; channels: 1.6-24.10_edge)
 * gpgv: 7412-1
 * liblzma5: 7414-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
 * https://ubuntu.com/security/notices/USN-7412-1/
 * https://ubuntu.com/security/notices/USN-7414-1/