chore(deps): refresh rpm lockfiles [SECURITY] #44
+859
−859
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![konflux-internal-p02[bot]](https://avatars.githubusercontent.com/u/89927105?s=80&v=4){kind=small}
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability
branch
3 times, most recently
from
576dd61 to
2850a88
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability
branch
6 times, most recently
from
6993e23 to
d37b24c
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability
branch
4 times, most recently
from
598e5fd to
3f0104f
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability
branch
5 times, most recently
from
dff6bd3 to
3f5bd55
Compare
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability
branch
from
3f5bd55 to
c413418
Compare
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/release-5.3/lock-file-maintenance-vulnerability
branch
from
c413418 to
cbb2b14
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
File rpms.in.yaml:
3:2.1.10-1.module+el8.10.0+23320+f7205097->3:2.1.10-1.module+el8.10.0+23498+f7d19d482:2.229.0-2.module+el8.10.0+23320+f7205097->2:2.229.0-2.module+el8.10.0+23498+f7d19d481:1.4.0-6.module+el8.10.0+23320+f7205097->1:1.4.0-6.module+el8.10.0+23498+f7d19d482:1-82.module+el8.10.0+23320+f7205097->2:1-82.module+el8.10.0+23498+f7d19d483.18-5.module+el8.10.0+23320+f7205097->3.18-5.module+el8.10.0+23498+f7d19d482.79-33.el8_10->2.79-35.el8_101.13-1.module+el8.10.0+23320+f7205097->1.13-1.module+el8.10.0+23498+f7d19d484.4.0-2.module+el8.10.0+23320+f7205097->4.4.0-2.module+el8.10.0+23498+f7d19d483.6.8-70.el8_10->3.6.8-71.el8_104:4.9.4-22.module+el8.10.0+23320+f7205097->4:4.9.4-23.module+el8.10.0+23498+f7d19d484:4.9.4-22.module+el8.10.0+23320+f7205097->4:4.9.4-23.module+el8.10.0+23498+f7d19d484:4.9.4-22.module+el8.10.0+23320+f7205097->4:4.9.4-23.module+el8.10.0+23498+f7d19d484:4.9.4-22.module+el8.10.0+23320+f7205097->4:4.9.4-23.module+el8.10.0+23498+f7d19d481:1.1.12-6.module+el8.10.0+23320+f7205097->1:1.1.12-6.module+el8.10.0+23498+f7d19d481.2.3-1.module+el8.10.0+23320+f7205097->1.2.3-1.module+el8.10.0+23498+f7d19d484.4.20-5.el8->4.4.20-6.el8_107.61.1-34.el8_10.3->7.61.1-34.el8_10.81:1.12.8-26.el8->1:1.12.8-27.el8_101:1.12.8-26.el8->1:1.12.8-27.el8_101:1.12.8-26.el8->1:1.12.8-27.el8_101:1.12.8-26.el8->1:1.12.8-27.el8_101:1.12.8-26.el8->1:1.12.8-27.el8_101.45.6-6.el8_10->1.45.6-7.el8_101.45.6-6.el8_10->1.45.6-7.el8_105.33-26.el8->5.33-27.el8_105.33-26.el8->5.33-27.el8_102.28-251.el8_10.22->2.28-251.el8_10.252.28-251.el8_10.22->2.28-251.el8_10.252.28-251.el8_10.22->2.28-251.el8_10.252.28-251.el8_10.22->2.28-251.el8_10.253.6.16-8.el8_10.3->3.6.16-8.el8_10.41:2.02-167.el8_10->1:2.02-169.el8_101:2.02-167.el8_10->1:2.02-169.el8_101:2.02-167.el8_10->1:2.02-169.el8_103.3.3-5.el8->3.3.3-6.el8_101.45.6-6.el8_10->1.45.6-7.el8_107.61.1-34.el8_10.3->7.61.1-34.el8_10.88.5.0-26.el8_10->8.5.0-28.el8_108.5.0-26.el8_10->8.5.0-28.el8_108.5.0-26.el8_10->8.5.0-28.el8_108.5.0-26.el8_10->8.5.0-28.el8_101.45.6-6.el8_10->1.45.6-7.el8_108.5.0-26.el8_10->8.5.0-28.el8_102.9.7-21.el8_10.1->2.9.7-21.el8_10.31.1.32-6.2.el8_10->1.1.32-6.3.el8_108.0p1-25.el8_10->8.0p1-26.el8_108.0p1-25.el8_10->8.0p1-26.el8_101.3.1-37.el8_10->1.3.1-38.el8_103.6.8-70.el8_10->3.6.8-71.el8_103.2.1-7.el8_9->3.2.1-8.el8_103.6.8-70.el8_10->3.6.8-71.el8_102.20.0-5.el8_10->2.20.0-6.el8_103.26.0-19.el8_9->3.26.0-20.el8_101.9.5p2-1.el8_10.1->1.9.5p2-1.el8_10.22:1.30-10.el8_10->2:1.30-11.el8_102:8.0.1763-19.el8_6.4->2:8.0.1763-21.el8_102.21-20.el8->2.21-21.el8_108.5.0-26.el8_10->8.5.0-28.el8_102:2.29.0-3.el8_10.1->2:2.29.0-3.el8_10.32:2.29.0-3.el8_10.1->2:2.29.0-3.el8_10.32:2.29.0-3.el8_10.1->2:2.29.0-3.el8_10.3cpython: Cpython infinite loop when parsing a tarfile
CVE-2025-8194
More information
Severity
Moderate
References
glibc: Double free in glibc
CVE-2025-8058
More information
Severity
Moderate
References
gnutls: Vulnerability in GnuTLS otherName SAN export
CVE-2025-32988
More information
Severity
Moderate
References
gnutls: Vulnerability in GnuTLS certtool template parsing
CVE-2025-32990
More information
Severity
Moderate
References
gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()
CVE-2025-6395
More information
Severity
Moderate
References
libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
CVE-2025-5914
More information
Severity
Important
References
libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
CVE-2025-7425
More information
Severity
Important
References
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
CVE-2025-32415
More information
Severity
Moderate
References
openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled
CVE-2025-26465
More information
Severity
Moderate
References
linux-pam: Linux-pam directory Traversal
CVE-2025-6020
More information
Severity
Important
References
linux-pam: Incomplete fix for CVE-2025-6020
CVE-2025-8941
More information
Severity
Important
References
python-cryptography: NULL-dereference when loading PKCS7 certificates
CVE-2023-49083
More information
Severity
Moderate
References
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
CVE-2024-47081
More information
Severity
Moderate
References
sqlite: Integer Truncation in SQLite
CVE-2025-6965
More information
Severity
Important
References
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.This PR has been generated by MintMaker (powered by Renovate Bot).