[AUTOPATCHER-CORE] Upgrade kubevirt to 1.5.3 for CVE-2025-64437, CVE-2025-64433, CVE-2025-64434, CVE-2025-64432 (microsoft#15044)

CBL-Mariner-Bot · Kanishk Bansal · xordux · web-flow · commit 85a07a8a1ec9 · 2025-11-11T19:12:40.000+05:30
Signed-off-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
Co-authored-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
Co-authored-by: Rohit Rawat &lt;rohitrawat@microsoft.com&gt;
diff --git a/SPECS/kubevirt/CVE-2025-22869.patch b/SPECS/kubevirt/CVE-2025-22869.patch
diff --git a/SPECS/kubevirt/kubevirt.signatures.json b/SPECS/kubevirt/kubevirt.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "kubevirt-1.5.0.tar.gz": "35f3c1939ba8101c0566c277379b2badea557aa865cfcb843e52387aceca5470"
+    "kubevirt-1.5.3.tar.gz": "93518543f92fa6a9a16e7b6653745d6a2562c52b21af81769bf85ac6e67df5fa"
   }
 }
diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec
@@ -19,8 +19,8 @@
 
 Summary:        Container native virtualization
 Name:           kubevirt
-Version:        1.5.0
-Release:        5%{?dist}
+Version:        1.5.3
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -30,8 +30,8 @@ Source0:        https://github.com/kubevirt/kubevirt/archive/refs/tags/v%{versio
 # The containers_meta packages and associated files are not required for the Mariner build
 # Nexus team needs these to-be-upstreamed patches for the operator Edge to work
 # correctly.
-Patch0:         CVE-2025-22869.patch
-Patch1:         CVE-2025-22872.patch
+
+Patch0:         CVE-2025-22872.patch
 
 %global debug_package %{nil}
 BuildRequires:  swtpm-tools
@@ -269,6 +269,9 @@ install -p -m 0644 cmd/virt-launcher/qemu.conf %{buildroot}%{_datadir}/kube-virt
 %{_bindir}/virt-tests
 
 %changelog
+* Mon Nov 10 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.5.3-1
+- Auto-upgrade to 1.5.3 - for CVE-2025-64437, CVE-2025-64433, CVE-2025-64434, CVE-2025-64432
+
 * Thu Oct 23 2025 Kanishk Bansal <kanbansal@microsoft.com> - 1.5.0-5
 - Bump to rebuild with updated glibc
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -8561,8 +8561,8 @@
         "type": "other",
         "other": {
           "name": "kubevirt",
-          "version": "1.5.0",
-          "downloadUrl": "https://github.com/kubevirt/kubevirt/archive/refs/tags/v1.5.0.tar.gz"
+          "version": "1.5.3",
+          "downloadUrl": "https://github.com/kubevirt/kubevirt/archive/refs/tags/v1.5.3.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "kubevirt-1.5.0.tar.gz": "35f3c1939ba8101c0566c277379b2badea557aa865cfcb843e52387aceca5470"`
	`3`	`+ "kubevirt-1.5.3.tar.gz": "93518543f92fa6a9a16e7b6653745d6a2562c52b21af81769bf85ac6e67df5fa"`
`4`	`4`	`}`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8561,8 +8561,8 @@`
`8561`	`8561`	`"type": "other",`
`8562`	`8562`	`"other": {`
`8563`	`8563`	`"name": "kubevirt",`
`8564`		`- "version": "1.5.0",`
`8565`		`- "downloadUrl": "https://github.com/kubevirt/kubevirt/archive/refs/tags/v1.5.0.tar.gz"`
	`8564`	`+ "version": "1.5.3",`
	`8565`	`+ "downloadUrl": "https://github.com/kubevirt/kubevirt/archive/refs/tags/v1.5.3.tar.gz"`
`8566`	`8566`	`}`
`8567`	`8567`	`}`
`8568`	`8568`	`},`