ubuntu-docker-images team mailing list archive

Thread
Date

Re: mlflow contains outdated Ubuntu packages

To: Snap Store <noreply+security-snap-review@xxxxxxxxxxxxx>, Enrico Deusebio <enrico.deusebio@xxxxxxxxxxxxx>, Daniela Plascencia <daniela.plascencia@xxxxxxxxxxxxx>
From: Cristovao Cordeiro <cristovao.cordeiro@xxxxxxxxxxxxx>
Date: Tue, 26 Aug 2025 17:39:48 +0200
Cc: dragomir.penev@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <68a98b28.050a0220.a2867.250cSMTPIN_ADDED_MISSING@mx.google.com>

adding @Enrico Deusebio <enrico.deusebio@xxxxxxxxxxxxx> and @Daniela
Plascencia <daniela.plascencia@xxxxxxxxxxxxx> to this thread, since I don't
think they are getting these notifications.

On Sat, Aug 23, 2025 at 11:34 AM Snap Store <
noreply+security-snap-review@xxxxxxxxxxxxx> wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r2148a9775662 (amd64; channels: 2.1.1_1.0-22.04)
>  * libpython3.10-minimal: 7710-1
>  * libpython3.10-stdlib: 7710-1
>  * python3.10: 7710-1
>  * python3.10-minimal: 7710-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-7710-1/
>


-- 
Cristovao Cordeiro (aka Cris)