StarlingX

  1. Bug #2047316
  2. Comment #2

Comment 2 for bug 2047316

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/904421
Committed: https://opendev.org/starlingx/tools/commit/fcf426cf154d8e9f9632a0dfe4bcde5c9ae93243
Submitter: "Zuul (22348)"
Branch: master

commit fcf426cf154d8e9f9632a0dfe4bcde5c9ae93243
Author: Zhixiong Chi <email address hidden>
Date: Sun Dec 24 22:39:15 2023 -0800

    curl: Upgrade to 7.74.0-1.3+deb11u11

    Upgrade subpackages curl|libcurl3-gnutls|libcurl4|libcurl4-gnutls-dev
    |libcurl4-openssl-dev to 7.74.0-1.3+deb11u11 to fix the CVE issue
    CVE-2023-46218.

    Refer to:
    https://www.debian.org/security/2023/dsa-5587
    https://www.tenable.com/plugins/nessus/187288
    https://nvd.nist.gov/vuln/detail/CVE-2023-46218

    TestPlan:
    PASS: downloader; build-pkgs; build-image
    PASS: Jenkins Installation

    Closes-Bug: 2047316

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Idbb9e6767a7982207c7de7fc19fce890bc91f6da