Comment 2 for bug 2038882

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/899535
Committed: https://opendev.org/starlingx/tools/commit/bdd47c99da028befbadee7c290cb2eed02fcd835
Submitter: "Zuul (22348)"
Branch: master

commit bdd47c99da028befbadee7c290cb2eed02fcd835
Author: Peng Zhang <email address hidden>
Date: Fri Nov 3 13:13:13 2023 +0000

    Debian: yajl: fix multiple CVEs

    Upgrade yajl-tools package version from 2.1.0-3
    to 2.1.0-3+deb11u2, libyajl-dev package from
    2.1.0-3 to 2.1.0-3+deb11u2, libyajl2 package from
    2.1.0-3 to 2.1.0-3+deb11u2 to fix
    CVE-2017-16516/CVE-2022-24795/CVE-2023-33460.

    Refer to:
    https://nvd.nist.gov/vuln/detail/CVE-2017-16516
    https://nvd.nist.gov/vuln/detail/CVE-2022-24795
    https://nvd.nist.gov/vuln/detail/CVE-2023-33460

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2038882

    Change-Id: I2095b68896d2db1eb881d8a0357d291491b6dbc1
    Signed-off-by: Peng Zhang <email address hidden>