[Backport release-1.27] Fix CVE-2023-48795 #3836

twz123 · 2023-12-19T07:58:16Z

Backport to release-1.27:

See:

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.13.0 to 0.15.0. - [Commits](golang/sys@v0.13.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 0687f2f) (cherry picked from commit e9bfad4)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.16.0. - [Commits](golang/crypto@v0.14.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 5c2c42d) (cherry picked from commit 03618f6)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0. - [Commits](golang/crypto@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 63ccbd3) (cherry picked from commit 070091e)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](golang/crypto@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> (cherry picked from commit 102b2c5) (cherry picked from commit 5f4b643)

k0s-bot · 2023-12-19T13:40:57Z

Backport failed for release-1.26, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-1.26
git worktree add -d .worktree/backport-3836-to-release-1.26 origin/release-1.26
cd .worktree/backport-3836-to-release-1.26
git checkout -b backport-3836-to-release-1.26
ancref=$(git merge-base c7f1c5ee6ccb9b05598573f01792cd0754f12633 38425561f0c073c93dd2d88e7d7198f997173d2c)
git cherry-pick -x $ancref..38425561f0c073c93dd2d88e7d7198f997173d2c

dependabot bot added 4 commits December 19, 2023 08:43

twz123 added security fix backport/release-1.26 PR that needs to be backported/cherrypicked to release-1.26 branch labels Dec 19, 2023

twz123 mentioned this pull request Dec 19, 2023

[Backport release-1.26] Fix CVE-2023-48795 #3837

Merged

twz123 marked this pull request as ready for review December 19, 2023 12:06

twz123 requested a review from a team as a code owner December 19, 2023 12:06

twz123 requested review from kke and makhov December 19, 2023 12:06

ncopa approved these changes Dec 19, 2023

View reviewed changes

ncopa merged commit 00adfdc into k0sproject:release-1.27 Dec 19, 2023
70 checks passed

twz123 deleted the backport-3855-to-release-1.27 branch December 19, 2023 17:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backport release-1.27] Fix CVE-2023-48795 #3836

[Backport release-1.27] Fix CVE-2023-48795 #3836

twz123 commented Dec 19, 2023

k0s-bot commented Dec 19, 2023

[Backport release-1.27] Fix CVE-2023-48795 #3836

[Backport release-1.27] Fix CVE-2023-48795 #3836

Conversation

twz123 commented Dec 19, 2023

k0s-bot commented Dec 19, 2023