Skip to content

chore(deps): rpm updates - abandoned#34

Open
konflux-internal-p02[bot] wants to merge 1 commit intorelease-5.3from
konflux/mintmaker/release-5.3/rpm-updates
Open

chore(deps): rpm updates - abandoned#34
konflux-internal-p02[bot] wants to merge 1 commit intorelease-5.3from
konflux/mintmaker/release-5.3/rpm-updates

Conversation

@konflux-internal-p02
Copy link
Contributor

@konflux-internal-p02 konflux-internal-p02 bot commented Jul 29, 2025
edited
Loading

This PR contains the following updates:

Package Update Change
bash patch 4.4.20-5.el8 -> 4.4.20-6.el8_10
dbus patch 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-common patch 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-daemon patch 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-libs patch 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
dbus-tools patch 1:1.12.8-26.el8 -> 1:1.12.8-27.el8_10
glibc patch 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-all-langpacks patch 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-common patch 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
glibc-gconv-extra patch 2.28-251.el8_10.22 -> 2.28-251.el8_10.25
libarchive patch 3.3.3-5.el8 -> 3.3.3-6.el8_10
libgcc patch 8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libgomp patch 8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libstdc++ patch 8.5.0-26.el8_10 -> 8.5.0-28.el8_10
libxml2 patch 2.9.7-21.el8_10.1 -> 2.9.7-21.el8_10.3
pam patch 1.3.1-37.el8_10 -> 1.3.1-38.el8_10
platform-python patch 3.6.8-70.el8_10 -> 3.6.8-71.el8_10
python3-libs patch 3.6.8-70.el8_10 -> 3.6.8-71.el8_10
sqlite-libs patch 3.26.0-19.el8_9 -> 3.26.0-20.el8_10
tar patch 2:1.30-10.el8_10 -> 2:1.30-11.el8_10
which patch 2.21-20.el8 -> 2.21-21.el8_10

glibc: Double free in glibc

CVE-2025-8058

More information

Severity

Moderate

References

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

CVE-2025-4802

More information

Severity

Moderate

References

glibc: Vector register overwrite bug in glibc

CVE-2025-5702

More information

Severity

Moderate

References

libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

CVE-2025-5914

More information

Severity

Important

References

libarchive: Buffer Overflow vulnerability in libarchive

CVE-2025-25724

More information

Severity

Moderate

References

libarchive: heap buffer over-read in header_gnu_longlink

CVE-2024-57970

More information

Severity

Moderate

References

libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

CVE-2025-7425

More information

Severity

Important

References

libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

CVE-2025-32415

More information

Severity

Moderate

References

libxml: Heap use after free (UAF) leads to Denial of service (DoS)

CVE-2025-49794

More information

Severity

Important

References

libxml: Type confusion leads to Denial of service (DoS)

CVE-2025-49796

More information

Severity

Important

References

libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

CVE-2025-6021

More information

Severity

Important

References

libxml2: Out-of-Bounds Read in libxml2

CVE-2025-32414

More information

Severity

Moderate

References

libxml2: XXE vulnerability

CVE-2024-40896

More information

Severity

Critical

References

libxml: Null pointer dereference leads to Denial of service (DoS)

CVE-2025-49795

More information

Severity

Important

References

linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

More information

Severity

Important

References

linux-pam: Linux-pam directory Traversal

CVE-2025-6020

More information

Severity

Important

References

cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

More information

Severity

Moderate

References

cpython: python: Extraction filter bypass for linking outside extraction directory

CVE-2025-4330

More information

Severity

Important

References

cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

CVE-2024-12718

More information

Severity

Important

References

python: cpython: Arbitrary writes via tarfile realpath overflow

CVE-2025-4517

More information

Severity

Important

References

cpython: Tarfile extracts filtered members when errorlevel=0

CVE-2025-4435

More information

Severity

Important

References

cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

CVE-2025-4138

More information

Severity

Important

References

python: cpython: URL parser allowed square brackets in domain names

CVE-2025-0938

More information

Severity

Moderate

References

sqlite: Integer Truncation in SQLite

CVE-2025-6965

More information

Severity

Important

References

SQLite: integer overflow in SQLite

CVE-2025-3277

More information

Severity

Important

References

Configuration

📅 Schedule: Branch creation - "before 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 6 times, most recently from bde46cd to ea3e8dd Compare August 7, 2025 12:18
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 5 times, most recently from 19388ae to 606bee7 Compare August 15, 2025 12:08
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 4 times, most recently from 1a947c6 to c5d6209 Compare August 20, 2025 16:09
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 2 times, most recently from bdc1890 to 55e29ee Compare August 26, 2025 04:09
@konflux-internal-p02 konflux-internal-p02 bot changed the title chore(deps): rpm updates [security] chore(deps): rpm updates Aug 26, 2025
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 4 times, most recently from c2633dd to 87af2eb Compare September 2, 2025 04:10
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch 2 times, most recently from 41595ad to e78c4d9 Compare September 9, 2025 04:09
@konflux-internal-p02
chore(deps): rpm updates
5b7efdf 
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-5.3/rpm-updates branch from e78c4d9 to 5b7efdf Compare September 10, 2025 00:09
@konflux-internal-p02 konflux-internal-p02 bot changed the title chore(deps): rpm updates chore(deps): rpm updates - abandoned Oct 8, 2025
@konflux-internal-p02
Copy link
Contributor Author

konflux-internal-p02 bot commented Oct 8, 2025

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants