@konflux-internal-p02 konflux-internal-p02 bot commented Jul 29, 2025

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| bash | patch | 4.4.20-5.el8 -> 4.4.20-6.el8_10 |
| dbus | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-common | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-daemon | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-libs | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-tools | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| glibc | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| glibc-all-langpacks | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| glibc-common | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| glibc-gconv-extra | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| libarchive | patch | 3.3.3-5.el8 -> 3.3.3-6.el8_10 |
| libatomic | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libgcc | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libgfortran | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libgomp | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libquadmath | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libstdc++ | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libxml2 | patch | 2.9.7-21.el8_10.1 -> 2.9.7-21.el8_10.3 |
| libxslt | patch | 1.1.32-6.2.el8_10 -> 1.1.32-6.3.el8_10 |
| pam | patch | 1.3.1-37.el8_10 -> 1.3.1-38.el8_10 |
| platform-python | patch | 3.6.8-70.el8_10 -> 3.6.8-71.el8_10 |
| platform-python-devel | patch | 3.6.8-70.el8_10 -> 3.6.8-71.el8_10 |
| python3-cryptography | patch | 3.2.1-7.el8_9 -> 3.2.1-8.el8_10 |
| python3-libs | patch | 3.6.8-70.el8_10 -> 3.6.8-71.el8_10 |
| python3-requests | patch | 2.20.0-5.el8_10 -> 2.20.0-6.el8_10 |
| sqlite-libs | patch | 3.26.0-19.el8_9 -> 3.26.0-20.el8_10 |
| sudo | patch | 1.9.5p2-1.el8_10.1 -> 1.9.5p2-1.el8_10.2 |
| tar | patch | 2:1.30-10.el8_10 -> 2:1.30-11.el8_10 |
| which | patch | 2.21-20.el8 -> 2.21-21.el8_10 |

glibc: Double free in glibc

CVE-2025-8058

Severity: Moderate

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

CVE-2025-4802

Severity: Moderate

glibc: Vector register overwrite bug in glibc

CVE-2025-5702

Severity: Moderate

libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVE-2025-5914

Severity: Important

libarchive: Buffer Overflow vulnerability in libarchive

CVE-2025-25724

Severity: Moderate

libarchive: heap buffer over-read in header_gnu_longlink

CVE-2024-57970

Severity: Moderate

libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

CVE-2025-7425

Severity: Important

libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

CVE-2025-32415

Severity: Moderate

libxml: Heap use after free (UAF) leads to Denial of service (DoS)

CVE-2025-49794

Severity: Important

libxml: Type confusion leads to Denial of service (DoS)

CVE-2025-49796

Severity: Important

libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

CVE-2025-6021

Severity: Important

libxml2: Out-of-Bounds Read in libxml2

CVE-2025-32414

Severity: Moderate

libxml2: XXE vulnerability

CVE-2024-40896

Severity: Critical

libxml: Null pointer dereference leads to Denial of service (DoS)

CVE-2025-49795

Severity: Important

libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)

CVE-2024-55549

Severity: Important

libxslt: Processing web content may disclose sensitive information

CVE-2023-40403

Severity: Moderate

libxslt: Use-After-Free in libxslt numbers.c

CVE-2025-24855

Severity: Important

linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

Severity: Important

linux-pam: Linux-pam directory Traversal

CVE-2025-6020

Severity: Important

cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

Severity: Moderate

python-cryptography: NULL-dereference when loading PKCS7 certificates

CVE-2023-49083

Severity: Moderate

cpython: python: Extraction filter bypass for linking outside extraction directory

CVE-2025-4330

Severity: Important

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

CVE-2024-12718

Severity: Important

python: cpython: Arbitrary writes via tarfile realpath overflow

CVE-2025-4517

Severity: Important

cpython: Tarfile extracts filtered members when errorlevel=0

CVE-2025-4435

Severity: Important

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

CVE-2025-4138

Severity: Important

python: cpython: URL parser allowed square brackets in domain names

CVE-2025-0938

Severity: Moderate

requests: Requests vulnerable to .netrc credentials leak via malicious URLs

CVE-2024-47081

Severity: Moderate

requests: subsequent requests to the same host ignore cert verification

CVE-2024-35195

Severity: Moderate

sqlite: Integer Truncation in SQLite

CVE-2025-6965

Severity: Important

SQLite: integer overflow in SQLite

CVE-2025-3277

Severity: Important

sudo: LPE via host option

CVE-2025-32462

Severity: Important

sudo: LPE via chroot option

CVE-2025-32463

Severity: Important

Configuration

📅 Schedule: Branch creation - "before 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 6 times, most recently from b63b6c3 to a403031 Compare August 7, 2025 12:19
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 6 times, most recently from aecbae1 to 77c4755 Compare August 15, 2025 08:17
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 4 times, most recently from 9555c0b to ad47429 Compare August 20, 2025 16:20
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 2 times, most recently from 3a69145 to eb1aa8a Compare August 26, 2025 04:19
@konflux-internal-p02 konflux-internal-p02 bot changed the title chore(deps): rpm updates [security] chore(deps): rpm updates Aug 26, 2025
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 4 times, most recently from 3704a35 to a60248d Compare September 2, 2025 04:21
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 2 times, most recently from df91cfa to 66c73e7 Compare September 9, 2025 04:21
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch from 66c73e7 to e18a0d2 Compare September 10, 2025 00:18
@konflux-internal-p02 konflux-internal-p02 bot changed the title chore(deps): rpm updates chore(deps): rpm updates - abandoned Oct 8, 2025
@konflux-internal-p02

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
