Merge CVE fixes for September 2.0 release #3724
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* qemu : fix CVE-2022-35414 * address PR comment Co-authored-by: Nicolas Guibourge <[email protected]>
* libxml2 and python-lxml: fix CVE-2022-2309 * libxml2 and python-lxml: fix CVE-2022-2309 * address PR comments Co-authored-by: Nicolas Guibourge <[email protected]>
* rubygem-yajl-ruby : fix CVE-2022-24795 * rubygem-yajl-ruby : fix CVE-2022-24795 * back port patch from 1.4.1 * fix spec issue * address PR comments Co-authored-by: Nicolas Guibourge <[email protected]>
- Update cert-manager to v1.7.3. - Split cert-manager binaries into separate packages. - Remove cert-manager build dependency on Bazel and just build the binaries directly using `go build`. This makes building easier. Also, the latest upstream version of cert-manager does this. - Use the Go "vendor" directory for Go dependencies instead of dumping files in the global Go cache.
) Co-authored-by: Pawel Winogrodzki <[email protected]>
* dpkd: bump version to 21.11.2 to address CVE-2022-2132 * dpdk: cgmanifest: update entry Signed-off-by: Muhammad Falak R Wani <[email protected]>
…VE-2021-33645, CVE-2021-33646 (#3686) * Apply Fedora patches * Apply linter * Use upstream patch
…ides (#3698) * Fixup libtar spec formatting, .la files, provides * Add comment so we can track CVE fixes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
What does the PR accomplish, why was it needed?
Merge the following CVE fixes from main.
50ea128 (HEAD -> anphel/sept-cve-release, origin/anphel/sept-cve-release) update mariner-release to 2.0-19 (#3723)
ae75986 libtar: Fixup spec formatting, remove .la files, remove explicit provides (#3698)
19f1d7d Patch qemu CVE-2021-4158 (#3696)
ef6062e libtar: Pull misc Fedora patches, fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646 (#3686)
8d0b43b
virglrenderer: fix CVE-2022-0135 (#3674)5c7186a
colord: fix CVE-2021-42523 (#3675)93d3f45
python3: fix CVE-2021-28861 (#3654)9178741
python3: fix CVE-2015-20107 (#3644)aa46332
vim: upgrade to 9.0.0325 to fix CVE-2022-2980, CVE-2022-2982, CVE-2022-2923, CVE-2022-2946 (#3643)f4f8a58 dpkd: bump version to 21.11.2 to address CVE-2022-2132 (#3631)
fdc6619 Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600)
7827361 rubygem-yajl-ruby: fix CVE 2022 24795 (#3598)
72240a4 libxml2 and python-lxml: fix CVE-2022-2309 (#3583)
5f8a64d Update cert-manager to v1.7.3. (#3575)
(Required to resolve merge conflict from golang update)
6e982cb qemu : fix CVE-2022-35414 (#3597)
414a533 upgrade vim to 9.0.0232 (#3580)
1064a45 fix npm version in nodejs.spec (#3571)