[release-1.34] Backport for CVE-2024-3727 #5548

Draft
wants to merge 1 commit into
base: release-1.34

danishprakash
Contributor

Bump c/image to v5.29.3, c/common to v0.57.5 to address CVE-2024-3727

Signed-off-by: Danish Prakash <[email protected]>
Contributor

openshift-ci bot commented May 28, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: danishprakash
Once this PR has been reviewed and has the lgtm label, please assign giuseppe for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Ephemeral COPR build failed. @containers/packit-build please check.

@TomSweeneyRedHat
Member

@danishprakash This could be "entertaining". The definition for DefaultStoreOptions() in c/storage types changed in 1.51 from four variables passed in to zero passed in. I think if you vendored c/storage 1.51.0 in it would take care of your compile issue, but would probably cause other issues for dependencies that showed up in c/storage 1.52 and later.

I was not planning to bump v1.33 as v1.34 has the fix in it now, but could be convinced otherwise.

@nalind
Member

nalind commented May 29, 2024

> @danishprakash This could be "entertaining". The definition for DefaultStoreOptions() in c/storage types changed in 1.51 from four variables passed in to zero passed in. I think if you vendored c/storage 1.51.0 in it would take care of your compile issue, but would probably cause other issues for dependencies that showed up in c/storage 1.52 and later.
>
> I was not planning to bump v1.33 as v1.34 has the fix in it now, but could be convinced otherwise.

Did you mean 1.35? The tip of the release-1.34 branch is currently using github.com/containers/image v5.29.1-0.20231120202631-293b00ba7166, which is from last year.

@TomSweeneyRedHat
Member

@nalind, you're right, but @danishprakash is also bumping c/image here to v5.29.3, which is where things get a bit wonky.

A friendly reminder that this PR had no activity for 30 days.
