Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.14] CVE-2024-3727 #2337

Merged
merged 2 commits into from
May 29, 2024
Merged

[release-1.14] CVE-2024-3727 #2337

merged 2 commits into from
May 29, 2024

Conversation

TomSweeneyRedHat
Copy link
Member

Add the fix to the release-14 branch for CVE-2024-3727. This will fix the issue in OCP v4.16 and RHEL 8.10/9.4

Currently addresses: https://issues.redhat.com/browse/OCPBUGS-33267 until the RHEL 8.10 and 9.4 Jira cards are created.

@packit-as-a-service Packit-as-a-Service
Copy link

Ephemeral COPR build failed. @containers/packit-build please check.

@mtrmac
Copy link
Contributor

mtrmac commented May 27, 2024

@lsm5 On this stable release-1.14 branch, do we need similar .packit.yml changes as in #2312, or should that be removed entirely? Or we can just ignore the failures.

I’m fine with any of that, but given that this PR is intended to target the failing RHEL 8/9, I thought I’d double-check before moving forward with tagging a possibly-unwanted release.

@mtrmac mtrmac mentioned this pull request May 27, 2024
Closed
@TomSweeneyRedHat
Copy link
Member Author

@lsm5 I think the packit changes should be made here. We're likely to be supporting this version for a long time on RHEL.

@lsm5
Copy link
Member

lsm5 commented May 29, 2024

what exact version will this be supported on ? Only RHEL 9? I can update the config for this branch.

@mtrmac mtrmac mentioned this pull request May 29, 2024
Merged
@mtrmac
Copy link
Contributor

mtrmac commented May 29, 2024

To double-check, ideally we should merge #2341, and then see the tests succeed here, is that correct?

@lsm5
Copy link
Member

lsm5 commented May 29, 2024

@TomSweeneyRedHat please rebase on latest release-1.14 . That will pick up the latest packit targets.

@TomSweeneyRedHat
[release-1.14] CVE-2024-3727 fix
8829b42 
This addresses CVE-2024-3727
https://issues.redhat.com/browse/OCPBUGS-33267

Signed-off-by: tomsweeneyredhat <[email protected]>
@TomSweeneyRedHat
[release-1.14] Bump to Skopeo v1.14.4
ea14356 
As the title says, bumping to v1.14.4 to get
a release ready with the CVE-2024-3727 fix.

Signed-off-by: tomsweeneyredhat <[email protected]>
@TomSweeneyRedHat TomSweeneyRedHat force-pushed the dev/tsweeney/release-1.14-CVE-2024-3727 branch from 03efb0b to ea14356 Compare May 29, 2024 18:29
@TomSweeneyRedHat
Copy link
Member Author

rebased and repushed, 🤞

@mtrmac
Copy link
Contributor

mtrmac commented May 29, 2024

Thanks again!

@mtrmac mtrmac merged commit 78d9c9a into containers:release-1.14 May 29, 2024
10 checks passed
@stale-locking-app stale-locking-app bot locked as resolved and limited conversation to collaborators Aug 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
locked - please file new issue/PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TomSweeneyRedHat @mtrmac @lsm5