@red-hat-konflux red-hat-konflux bot (Contributor) commented Sep 10, 2025

This PR contains the following updates:

File tools/rpm-manifests/rpms.in.yaml:

| Package | Change |
|---|---|
| buildah | 2:1.39.4-1.el9_6 -> 2:1.39.4-2.el9_6 |
| crun | 1.21-1.el9_6 -> 1.23.1-2.el9_6 |
| git-core | 2.47.1-2.el9_6 -> 2.47.3-1.el9_6 |
| jq | 1.6-15.el9 -> 1.6-17.el9_6.2 |
| passt | 0^20250217.ga1e48a0-1.el9 -> 0^20250217.ga1e48a0-10.el9_6 |
| podman | 5:5.4.0-9.el9_6 -> 5:5.4.0-13.el9_6 |
| python3.11 | 3.11.11-2.el9 -> 3.11.11-2.el9_6.2 |
| python3.11-libs | 3.11.11-2.el9 -> 3.11.11-2.el9_6.2 |
| python3.11-setuptools-wheel | 65.5.1-3.el9 -> 65.5.1-4.el9_6 |
| libdb | 5.3.28-55.el9 -> 5.3.28-57.el9_6 |
| pam | 1.5.1-23.el9 -> 1.5.1-26.el9_6 |
| which | 2.21-29.el9 -> 2.21-30.el9_6 |

Warning: Some dependencies could not be looked up. Check the warning logs for more information.


| Advisory | CVE | Severity |
|---|---|---|
| git: Newline confusion in credential helpers can lead to credential exfiltration in git | CVE-2024-52006 | Important |
| gitk: Git file creation flaw | CVE-2025-27613 | Important |
| git: Git GUI can create and overwrite files for which the user has write permission | CVE-2025-46835 | Important |
| git: Git does not sanitize URLs when asking for credentials interactively | CVE-2024-50349 | Important |
| gitk: git script execution flaw | CVE-2025-27614 | Important |
| git: Git arbitrary code execution | CVE-2025-48384 | Important |
| git: Git arbitrary file writes | CVE-2025-48385 | Important |
| jq: jq has signed integer overflow in jv.c:jvp_array_write | CVE-2024-23337 | Moderate |
| jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) | CVE-2025-48060 | Moderate |
| cpython: Cpython infinite loop when parsing a tarfile | CVE-2025-8194 | Moderate |
| cpython: Tarfile extracts filtered members when errorlevel=0 | CVE-2025-4435 | Important |
| python: cpython: Arbitrary writes via tarfile realpath overflow | CVE-2025-4517 | Important |
| cpython: python: Bypass extraction filter to modify file metadata outside extraction directory | CVE-2024-12718 | Important |
| cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory | CVE-2025-4138 | Important |
| cpython: python: Extraction filter bypass for linking outside extraction directory | CVE-2025-4330 | Important |
| setuptools: Path Traversal Vulnerability in setuptools PackageIndex | CVE-2025-47273 | Moderate |
| linux-pam: Incomplete fix for CVE-2025-6020 | CVE-2025-8941 | Important |
| linux-pam: Linux-pam directory Traversal | CVE-2025-6020 | Important |

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-v1.6.x/lock-file-maintenance-vulnerability branch from 6cfbad0 to 860c482 on September 16, 2025 04:24
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-v1.6.x/lock-file-maintenance-vulnerability branch from 860c482 to 0bbcd83 on September 22, 2025 12:26