@red-hat-konflux
Contributor

This PR contains the following updates:

File tools/rpm-manifests/rpms.in.yaml:

| Package | Change |
| --- | --- |
| aardvark-dns | 2:1.14.0-1.el9 -> 2:1.16.0-1.el9 |
| buildah | 2:1.39.4-2.el9_6 -> 2:1.41.4-3.el9_7 |
| conmon | 3:2.1.12-1.el9 -> 3:2.1.13-1.el9 |
| containers-common | 2:1-117.el9_6 -> 4:1-135.el9_7 |
| containers-common-extra | 2:1-117.el9_6 -> 4:1-135.el9_7 |
| criu | 3.19-1.el9 -> 3.19-3.el9 |
| criu-libs | 3.19-1.el9 -> 3.19-3.el9 |
| crun | 1.23.1-2.el9_6 -> 1.23.1-2.el9_7 |
| fuse-overlayfs | 1.14-1.el9 -> 1.15-1.el9 |
| netavark | 2:1.14.1-1.el9_6 -> 2:1.16.0-1.el9 |
| passt | 0^20250217.ga1e48a0-10.el9_6 -> 0^20250512.g8ec1341-2.el9 |
| podman | 5:5.4.0-13.el9_6 -> 6:5.6.0-6.el9_7 |
| python3.11 | 3.11.11-2.el9_6.2 -> 3.11.13-3.el9 |
| python3.11-libs | 3.11.11-2.el9_6.2 -> 3.11.13-3.el9 |
| python3.11-pip-wheel | 22.3.1-5.el9 -> 22.3.1-6.el9 |
| python3.11-setuptools-wheel | 65.5.1-4.el9_6 -> 65.5.1-5.el9 |
| slirp4netns | 1.3.2-1.el9 -> 1.3.3-1.el9 |
| jq | 1.6-17.el9_6.2 -> 1.6-19.el9 |
| kmod | 28-10.el9 -> 28-11.el9 |
| less | 590-5.el9 -> 590-6.el9 |
| nftables | 1:1.0.9-3.el9 -> 1:1.0.9-5.el9_7 |
| openssh | 8.7p1-45.el9 -> 8.7p1-46.el9 |
| openssh-clients | 8.7p1-45.el9 -> 8.7p1-46.el9 |
| openssl | 1:3.2.2-6.el9_5.1 -> 1:3.5.1-3.el9 |
| shadow-utils-subid | 2:4.9-12.el9 -> 2:4.9-15.el9 |

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


cpython: Cpython infinite loop when parsing a tarfile

CVE-2025-8194

More information

Details

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-v1.6.x/lock-file-maintenance-vulnerability branch from 33aa1a9 to 3d14dba Compare November 12, 2025 17:59