Skip to content

chore(deps): refresh rpm lockfiles [SECURITY] #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: release-5.3
Choose a base branch
from
Open

chore(deps): refresh rpm lockfiles [SECURITY] #45

wants to merge 1 commit into from
+433 −433

Conversation

konflux-internal-p02[bot]
Copy link

@konflux-internal-p02 konflux-internal-p02 bot commented Sep 10, 2025
edited
Loading

This PR contains the following updates:

File rpms.in.yaml:

Package Change
bash 4.4.20-5.el8 -> 4.4.20-6.el8_10
curl 7.61.1-34.el8_10.3 -> 7.61.1-34.el8_10.8
dbus 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-common 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-daemon 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-libs 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-tools 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
file 5.33-26.el8 -> 5.33-27.el8_10
file-libs 5.33-26.el8 -> 5.33-27.el8_10
glibc 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-all-langpacks 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-common 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-gconv-extra 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
gnutls 3.6.16-8.el8_10.3 -> 3.6.16-8.el8_10.4
grub2-common 1:2.02-167.el8_10 -> 1:2.02-169.el8_10
grub2-tools 1:2.02-167.el8_10 -> 1:2.02-169.el8_10
grub2-tools-minimal 1:2.02-167.el8_10 -> 1:2.02-169.el8_10
libarchive 3.3.3-5.el8 -> 3.3.3-6.el8_10
libcom_err 1.45.6-6.el8_10 -> 1.45.6-7.el8_10
libcurl 7.61.1-34.el8_10.3 -> 7.61.1-34.el8_10.8
libgcc 8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libgomp 8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libstdc++ 8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libxml2 2.9.7-21.el8_10.1 -> 2.9.7-21.el8_10.3
pam 1.3.1-37.el8_10 -> 1.3.1-38.el8_10
platform-python 3.6.8-70.el8_10 -> 3.6.8-71.el8_10
python3-libs 3.6.8-70.el8_10 -> 3.6.8-71.el8_10
sqlite-libs 3.26.0-19.el8_9 -> 3.26.0-20.el8_10
which 2.21-20.el8 -> 2.21-21.el8_10
s390utils-base 2:2.29.0-3.el8_10.1 -> 2:2.29.0-3.el8_10.3
s390utils-core 2:2.29.0-3.el8_10.1 -> 2:2.29.0-3.el8_10.3
s390utils-se-data 2:2.29.0-3.el8_10.1 -> 2:2.29.0-3.el8_10.3
tar 2:1.30-10.el8_10 -> 2:1.30-11.el8_10

glibc: Double free in glibc

CVE-2025-8058

More information

Severity

Moderate

References

gnutls: Vulnerability in GnuTLS certtool template parsing

CVE-2025-32990

More information

Severity

Moderate

References

gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()

CVE-2025-6395

More information

Severity

Moderate

References

gnutls: Vulnerability in GnuTLS otherName SAN export

CVE-2025-32988

More information

Severity

Moderate

References

libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVE-2025-5914

More information

Severity

Important

References

libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

CVE-2025-7425

More information

Severity

Important

References

libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

CVE-2025-32415

More information

Severity

Moderate

References

linux-pam: Linux-pam directory Traversal

CVE-2025-6020

More information

Severity

Important

References

linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

More information

Severity

Important

References

cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

More information

Severity

Moderate

References

sqlite: Integer Truncation in SQLite

CVE-2025-6965

More information

Severity

Important

References

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability branch 3 times, most recently from 7bf9b96 to 450aa1d Compare September 16, 2025 08:07
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability branch 7 times, most recently from 040bd5d to 09e08a4 Compare September 29, 2025 04:13
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability branch 3 times, most recently from d1913a8 to 1aba844 Compare October 1, 2025 16:09
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability branch 3 times, most recently from 9ee7410 to 54feda0 Compare October 9, 2025 12:07
@konflux-internal-p02
chore(deps): refresh rpm lockfiles [SECURITY]
60d49fd 
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability branch from 54feda0 to 60d49fd Compare October 9, 2025 20:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants