@konflux-internal-p02 konflux-internal-p02 bot commented Jul 29, 2025

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| bash | patch | 4.4.20-5.el8 -> 4.4.20-6.el8_10 |
| dbus | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-common | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-daemon | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-libs | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| dbus-tools | patch | 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10 |
| glibc | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| glibc-all-langpacks | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| glibc-common | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| glibc-gconv-extra | patch | 2.28-251.el8_10.22 -> 2.28-251.el8_10.25 |
| libarchive | patch | 3.3.3-5.el8 -> 3.3.3-6.el8_10 |
| libgcc | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libgomp | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libstdc++ | patch | 8.5.0-26.el8_10 -> 8.5.0-28.el8_10 |
| libxml2 | patch | 2.9.7-21.el8_10.1 -> 2.9.7-21.el8_10.3 |
| pam | patch | 1.3.1-37.el8_10 -> 1.3.1-38.el8_10 |
| platform-python | patch | 3.6.8-70.el8_10 -> 3.6.8-71.el8_10 |
| python3-libs | patch | 3.6.8-70.el8_10 -> 3.6.8-71.el8_10 |
| sqlite-libs | patch | 3.26.0-19.el8_9 -> 3.26.0-20.el8_10 |
| tar | patch | 2:1.30-10.el8_10 -> 2:1.30-11.el8_10 |
| which | patch | 2.21-20.el8 -> 2.21-21.el8_10 |

glibc: Double free in glibc

CVE-2025-8058

Severity: Moderate


glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

CVE-2025-4802

Severity: Moderate


glibc: Vector register overwrite bug in glibc

CVE-2025-5702

Severity: Moderate


libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVE-2025-5914

Severity: Important


libarchive: Buffer Overflow vulnerability in libarchive

CVE-2025-25724

Severity: Moderate


libarchive: heap buffer over-read in header_gnu_longlink

CVE-2024-57970

Severity: Moderate


libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

CVE-2025-7425

Severity: Important


libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

CVE-2025-32415

Severity: Moderate


libxml: Type confusion leads to Denial of service (DoS)

CVE-2025-49796

Severity: Important


libxml: Heap use after free (UAF) leads to Denial of service (DoS)

CVE-2025-49794

Severity: Important


libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

CVE-2025-6021

Severity: Important


libxml2: Out-of-Bounds Read in libxml2

CVE-2025-32414

Severity: Moderate


libxml2: XXE vulnerability

CVE-2024-40896

Severity: Critical


libxml: Null pointer dereference leads to Denial of service (DoS)

CVE-2025-49795

Severity: Important


linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

Severity: Important


linux-pam: Linux-pam directory Traversal

CVE-2025-6020

Severity: Important


cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

Severity: Moderate


cpython: python: Extraction filter bypass for linking outside extraction directory

CVE-2025-4330

Severity: Important


cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

CVE-2025-4138

Severity: Important


python: cpython: Arbitrary writes via tarfile realpath overflow

CVE-2025-4517

Severity: Important


cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

CVE-2024-12718

Severity: Important


cpython: Tarfile extracts filtered members when errorlevel=0

CVE-2025-4435

Severity: Important


python: cpython: URL parser allowed square brackets in domain names

CVE-2025-0938

Severity: Moderate


sqlite: Integer Truncation in SQLite

CVE-2025-6965

Severity: Important


SQLite: integer overflow in SQLite

CVE-2025-3277

Severity: Important


Configuration

📅 Schedule: Branch creation - "before 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 6 times, most recently from 3325ecd to 53ac029 Compare August 7, 2025 12:18
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 5 times, most recently from 569784e to a58f6bd Compare August 15, 2025 08:09
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 4 times, most recently from 083f779 to 31166e7 Compare August 20, 2025 16:09
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 2 times, most recently from 8067f41 to f8e0e31 Compare August 26, 2025 04:08
@konflux-internal-p02 konflux-internal-p02 bot changed the title chore(deps): rpm updates [security] chore(deps): rpm updates Aug 26, 2025
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 3 times, most recently from 9ae5435 to 66db1b4 Compare August 29, 2025 00:10
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch from 66db1b4 to 3030cda Compare September 2, 2025 04:09