Skip to content

Add patch for cloud-init CVE-2023-1786#5777

Merged
rmhsawyer merged 15 commits into
mainfrom
cloud_init_CVE
Jun 30, 2023
Merged

Add patch for cloud-init CVE-2023-1786#5777
rmhsawyer merged 15 commits into
mainfrom
cloud_init_CVE

Conversation

@rmhsawyer

@rmhsawyer rmhsawyer commented Jun 30, 2023

Copy link
Copy Markdown
Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge

Summary

This PR is to add patch for CVE-2023-1786.
A Previous PR that tries to fix this CVE by auto upgrade pipeline broke the main branch.

Change Log
Does this affect the toolchain?

NO

Associated issues
Links to CVEs
Test Methodology

@rmhsawyer rmhsawyer requested a review from a team as a code owner June 30, 2023 05:54

@christopherco christopherco left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rmhsawyer rmhsawyer merged commit a7ada8e into main Jun 30, 2023
@rmhsawyer rmhsawyer deleted the cloud_init_CVE branch June 30, 2023 19:21
sameluch pushed a commit that referenced this pull request Jun 30, 2023
* modify cloud.cfg

* add patch mozjs cve

* add cloud-init CVE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

main PR Destined for main security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants