ubuntu-docker-images team mailing list archive

Thread
Date

CVEs potentially affecting upstream based ROCKs

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, emilia.torino@xxxxxxxxxxxxx, paulo.smorigo@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, dylan.stephano-shachter@xxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Thu, 26 Jun 2025 05:13:36 -0000

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* libssh: CVE-2025-4877, CVE-2025-4878, CVE-2025-5351, CVE-2025-5372,
CVE-2025-5449, CVE-2025-5987

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-4877
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-4878
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-5351
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-5372
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-5449
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-5987