folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,451 Commits 970 Branches 457 Tags 853 MiB
Commit Graph

5451 Commits

Author SHA1 Message Date
CBL-Mariner-Bot 0dd6087151
[AUTO-CHERRYPICK] Patch CVE-2023-27534 in cmake - branch main (#10509) 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
 2024-09-24 11:43:24 -07:00
CBL-Mariner-Bot 6f47c6bd34
[AUTO-CHERRYPICK] Fixes CVE-2022-32149 by backporting the fix as a patch file - branch main (#10507) 
Co-authored-by: Jiri Appl <jiria@microsoft.com>
 2024-09-19 13:31:07 -07:00
CBL-Mariner-Bot 99c054afa8
[AUTO-CHERRYPICK] Revert to 1.19.4, add epoch and add patch for CVE-2024-37371 and CVE-2024-37370 - branch main (#10491) 
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
 2024-09-19 13:21:37 -07:00
CBL-Mariner-Bot fe555eb3f8
[AUTO-CHERRYPICK] Patch libxml2 to resolve CVE-2024-25062 - branch main (#10490) 
Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
 2024-09-19 11:49:26 -07:00
CBL-Mariner-Bot a2726f6105
[AUTO-CHERRYPICK] Patch influxdb to resolve CVE-2022-32149 - branch main (#10495) 
Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
 2024-09-19 11:48:24 -07:00
CBL-Mariner-Bot 795266d619
[AUTO-CHERRYPICK] Patch xorg-x11-server for CVE-2024-0229, CVE-2024-0409 & CVE-2024-21886 - branch main (#10496) 
Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
 2024-09-19 11:48:15 -07:00
Sumedh Alok Sharma 65a3f016ae
vim: Add patch to resolve CVE-2024-41957 & CVE-2024-41965. (#10081) 2024-09-19 10:58:33 +05:30
CBL-Mariner-Bot 030781f783
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.167.1 - branch main (#10482) 2024-09-18 14:47:00 -07:00
CBL-Mariner-Bot df1f8b078c
[AUTO-CHERRYPICK] Upgraded keepalived to 2.3.1 and patched CVE-2024-41184. - branch main (#10458) 
Co-authored-by: Harshit Gupta <harshitgupta1337@gmail.com>
 2024-09-18 14:28:46 -07:00
Riken Maharjan 9e01ea9ebe
[2.0] Use Toolchain RPMS when building Golden Container (#10473) 2024-09-18 09:33:06 -07:00
Minghe Ren 85a79aff0e
cloud-init add patch for PPS support of auzre-proxy-agent (#10455) 
Co-authored-by: minghe <rmhsawyer>
 2024-09-17 17:06:11 -07:00
Riken Maharjan d37a414769
Creating Busybox SBOM by not deleting the rpm db (#10395) 2024-09-16 18:24:46 -07:00
CBL-Mariner-Bot 2f66e799c2
[AUTO-CHERRYPICK] Backport CVE-2024-3727 fix for libcontainers-common - branch main (#10450) 
Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-09-13 17:53:35 -04:00
CBL-Mariner-Bot ef135f4b46
[AUTO-CHERRYPICK] Fix CVE-2022-32149 in cri-o - branch main (#10451) 
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-09-13 17:47:29 -04:00
CBL-Mariner-Bot 9c0a877fcf
[AUTO-CHERRYPICK] Fix nfs-utils to build rsc.svcgssd and provide the missing rpc-gssd service - branch main (#10449) 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-09-13 17:47:16 -04:00
CBL-Mariner-Bot 1dad47a2e4
[AUTO-CHERRYPICK] Separated toolchain tests from non-toolchain package builds. - branch main (#10448) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-09-13 17:46:20 -04:00
CBL-Mariner-Bot 1b5b551f9a
[AUTO-CHERRYPICK] Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 - branch main (#10401) 
Co-authored-by: Gary Swalling <31018813+gjswalling@users.noreply.github.com>
 2024-09-13 17:46:06 -04:00
CBL-Mariner-Bot f27ba146cb
[AUTO-CHERRYPICK] Fix CVE-2022-40898 for python-wheel - branch main (#10423) 
Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>
 2024-09-13 17:45:50 -04:00
CBL-Mariner-Bot 31e961bbcc
[AUTO-CHERRYPICK] Patch CVE-2024-6197 in curl - branch main (#10397) 
Co-authored-by: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
 2024-09-13 17:45:35 -04:00
CBL-Mariner-Bot 105469e37d
[AUTO-CHERRYPICK] Fix CVE-2022-32149 in libcontainers-common - branch main (#10396) 
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
 2024-09-13 17:45:17 -04:00
CBL-Mariner-Bot 79af982f0d
[AUTO-CHERRYPICK] golang: update 1.22.5 -> 1.22.7 to address 3 CVEs - branch main (#10420) 
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
 2024-09-13 12:44:56 -07:00
Minghe Ren 458cd16648
cloud-init add azure proxy agent (#10357) 
Co-authored-by: minghe <rmhsawyer>
 2024-09-13 10:48:34 -07:00
sharath-srikanth-chellappa 7ac364a3ce
Removing hotplug detach grace period patch from kubevirt (#10419) 
Co-authored-by: Sharath Srikanth Chellappa <sharathsr@microsoft.com>
 2024-09-11 12:26:52 -07:00
CBL-Mariner-Bot f9ac95ae49
[AUTO-CHERRYPICK] msft-golang: bump version to 1.22.7 to address 3 CVEs - branch main (#10416) 
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
 2024-09-11 12:08:18 -07:00
CBL-Mariner-Bot 24ea47e9e5
[AUTOPATCHER-CORE] Upgrade python-webob to 1.8.8 Fix CVE-2024-42353 (#10196) 2024-09-10 10:30:28 +05:30
CBL-Mariner-Bot 9f461803ab
[AUTO-CHERRYPICK] libsndfile: Add patch to resolve CVE-2022-33065 - branch main (#10341) 
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
 2024-09-09 21:43:12 -07:00
CBL-Mariner-Bot f0815b0a44
[AUTO-CHERRYPICK] jasper: Add patch to resolve CVE-2023-51257 - branch main (#10340) 
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
 2024-09-09 21:43:06 -07:00
CBL-Mariner-Bot 7f3b3ae810
[AUTO-CHERRYPICK] keda: Fix CVE-2022-32149 with a patch - branch main (#10339) 
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
 2024-09-09 21:42:58 -07:00
CBL-Mariner-Bot 54ddc3dd3c
[AUTO-CHERRYPICK] Fix CVE-2022-32149 in prometheus-adapter - branch main (#10338) 
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
 2024-09-09 21:42:45 -07:00
Riken Maharjan 2cf83eca54
[Cherry-Pick] Fix CVE-2022-32149 in application-gateway-kubernetes-ingress (#10274) (#10376) 
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
 2024-09-09 21:42:36 -07:00
CBL-Mariner-Bot 7fa8c0507a
[AUTO-CHERRYPICK] cdi: CVE-2022-41717, CVE-2022-32149, CVE-2024-28180 - branch main (#10342) 
Co-authored-by: bfjelds <bfjelds@microsoft.com>
 2024-09-09 21:42:20 -07:00
CBL-Mariner-Bot 38841ec98c
[AUTO-CHERRYPICK] libnbd: cve-2024-7383 (mariner 2.0) - branch main (#10343) 
Co-authored-by: bfjelds <bfjelds@microsoft.com>
 2024-09-09 21:42:07 -07:00
Riken Maharjan 1e2031d1f1
[cherry-pick] kubevirt: CVE-2022-32149 and CVE-2023-26484 (#10232) (#10377) 
Co-authored-by: bfjelds <bfjelds@microsoft.com>
 2024-09-09 21:41:51 -07:00
Riken Maharjan d1cd2c8bfb
[cherry-pick] vim: CVE-2024-43374 (mariner 2) (#10192) (#10378) 
Co-authored-by: bfjelds <bfjelds@microsoft.com>
 2024-09-09 21:41:40 -07:00
CBL-Mariner-Bot 4fbe84fd70
[AUTO-CHERRYPICK] krb5: Add patch for fixing CVE-2024-26458 and CVE-2024-26461 - branch main (#10351) 
Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
 2024-09-09 21:41:28 -07:00
CBL-Mariner-Bot e21478f69e
[AUTO-CHERRYPICK] Fix multiple CVEs in moby-buildx package - branch main (#10381) 
Co-authored-by: Bala <kumaran.4353@gmail.com>
 2024-09-09 21:40:14 -07:00
CBL-Mariner-Bot a17f93f9bb
[AUTO-CHERRYPICK] qemu: CVE-2024-24474 (mariner 2) - branch main (#10353) 
Co-authored-by: bfjelds <bfjelds@microsoft.com>
 2024-09-09 21:39:34 -07:00
Sumedh Alok Sharma 38e24f30cd
multus: Add patch to resolve CVE-2023-3978 (#10205) 2024-09-09 14:03:49 +05:30
Sumedh Alok Sharma 86f0b417ed
tpm2-tss: Add patch to resolve CVE-2024-29040 (#10083) 2024-09-09 14:03:35 +05:30
Muhammad Falak R Wani 6a82bec114
sysstat: upgrade version 12.7.1 -> 12.7.6 to address CVE-2018-19416 (#10244) 
Changelog: https://github.com/sysstat/sysstat/blob/v12.7.6/CHANGES
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-09-05 10:36:03 +05:30
Pawel Winogrodzki 780341a75d
Updated the `upload-artifact` GitHub Action to version 4. (#10355) 2024-09-04 13:56:33 -07:00
Henry Beberman f2a533886c
Backport trace-cmd and dependencies from 3.0 (#10326) 2024-09-04 10:04:25 -07:00
CBL-Mariner-Bot e8fad6d316
[AUTO-CHERRYPICK] Moved PR check's raw toolchain hashes to the pipeline UI. - branch main (#10324) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-09-03 15:35:56 -07:00
CBL-Mariner-Bot ff4bceec5e
[AUTO-CHERRYPICK] Patch xorg-x11-server for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 & CVE-2024-31083 - branch main (#10323) 
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
 2024-09-03 14:59:21 -04:00
suresh-thelkar 4dd5431609
Patch CVE-2024-29018 in moby-engine (#10172) 2024-09-02 14:05:29 +05:30
CBL-Mariner-Bot 74e68ca771
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-43855 CVE-2024-42240 CVE-2024-39472 CVE-2024-42269 CVE-2024-42284 CVE-2024-42283 CVE-2023-52889 CVE-2024-42285 CVE-2024-42270 CVE-2024-42271 CVE-2024-43856 CVE-2024-43828 CVE-2024-42313 CVE-2024-43858 CVE-2024-43854 CVE-2024-42302 CVE-2024-42301 CVE-2024-42310 CVE-2024-43860 CVE-2024-42309 CVE-2024-43902 CVE-2024-43907 CVE-2024-44935 CVE-2024-43909 CVE-2024-42114 CVE-2024-43908 CVE-2024-44934 CVE-2024-43889 (#10191) 2024-08-30 14:39:47 -07:00
CBL-Mariner-Bot 4afdb4c47c
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.165.1 - branch main (#10284) 2024-08-30 11:10:34 -07:00
Muhammad Falak R Wani 0c8fc3bc15
telegraf: address CVE-2024-24786 & CVE-2024-28180 (#10203) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-08-30 09:19:52 +05:30
Neha Agarwal 71e149c603
vte291: apply correct patch for cve-2024-37535 fix (#10291) 2024-08-29 16:56:52 -07:00
Cameron E Baird 9be1704f23 nginx: Address CVE-2024-7347 (#10190) 2024-08-29 12:55:36 -04:00