Learn more about these different git repos.
Other Git URLs
Not all container image builds run dnf upgrade. It'd be great for the Fedora 36 container to ship with an updated OpenSSL to fix CVE-2022-3602/CVE-2022-3786.
dnf upgrade
Soon?
n/a
Some container images built with F36 will continue to have a vulnerable OpenSSL.
I have updated registry.fedoraproject.org and quay.io/fedora. I am working on pushing the update on dockerhub.
Metadata Update from @cverna: - Issue assigned to cverna
PR for dockerhub https://github.com/docker-library/official-images/pull/13471
Hum... updated with what? f36 container builds have been failing due to https://bugzilla.redhat.com/show_bug.cgi?id=2077680
So, I suspect the current one is pretty old?
Metadata Update from @phsmoura: - Issue tagged with: high-gain, medium-trouble, ops
The PR was meged
Metadata Update from @cverna: - Issue untagged with: high-gain, medium-trouble, ops - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Hum... updated with what? f36 container builds have been failing due to https://bugzilla.redhat.com/show_bug.cgi?id=2077680 So, I suspect the current one is pretty old?
I manually downloaded the tar.xz from koji build from https://koji.fedoraproject.org/koji/buildinfo?buildID=2083139 and I doubled check that we had the correct version of openssl.
Only the armhfp image was not updated, I did not have time to look at why the builds are failing for this architecture tho
We should probably update the pungi config to allow the armhfp builds to fail ? WDYT?
Yeah, I guess so... I wish we could figure out a fix or workaround, but failing that, we should let them fail and have the rest at least finish.
PR to make armhfp failable https://pagure.io/pungi-fedora/pull-request/1135#
Login to comment on this ticket.