From 8cd9b00d73ebc86f83ec5ae0451fa09bf0c6a8a4 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Wed, 14 Dec 2022 13:03:22 -0800 Subject: [PATCH] upgrade moby-containerd to 1.6.12 to fix CVE-2022-23471 (#4449) --- SPECS/moby-containerd/moby-containerd.signatures.json | 10 +++++----- SPECS/moby-containerd/moby-containerd.spec | 7 +++++-- cgmanifest.json | 6 +++--- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/SPECS/moby-containerd/moby-containerd.signatures.json b/SPECS/moby-containerd/moby-containerd.signatures.json index f91f575357..c9067594ad 100644 --- a/SPECS/moby-containerd/moby-containerd.signatures.json +++ b/SPECS/moby-containerd/moby-containerd.signatures.json @@ -1,7 +1,7 @@ { - "Signatures": { - "containerd.service": "b7908653ff8298fc8c1c21854a6e338f40c607ec40d177269615a8f3448c5153", - "containerd.toml": "793d4f11a4e69bdb3b1903da2cdf76b7f32dbc97197b12d295a05ecc284e230e", - "moby-containerd-1.6.6.tar.gz": "27afb673c20d53aa5c31aec07b38eb7e4dc911e7e1f0c76fac9513bbf070bd24" - } + "Signatures": { + "containerd.service": "b7908653ff8298fc8c1c21854a6e338f40c607ec40d177269615a8f3448c5153", + "containerd.toml": "793d4f11a4e69bdb3b1903da2cdf76b7f32dbc97197b12d295a05ecc284e230e", + "moby-containerd-1.6.12.tar.gz": "b86e5c42f58b8348422c972513ff49783c0d505ed84e498d0d0245c5992e4320" + } } \ No newline at end of file diff --git a/SPECS/moby-containerd/moby-containerd.spec b/SPECS/moby-containerd/moby-containerd.spec index 84f2dd9610..cec34b9152 100644 --- a/SPECS/moby-containerd/moby-containerd.spec +++ b/SPECS/moby-containerd/moby-containerd.spec @@ -4,8 +4,8 @@ Summary: Industry-standard container runtime Name: moby-%{upstream_name} -Version: 1.6.6 -Release: 3%{?dist} +Version: 1.6.12 +Release: 1%{?dist} License: ASL 2.0 Group: Tools/Container URL: https://www.containerd.io @@ -85,6 +85,9 @@ fi %config(noreplace) %{_sysconfdir}/containerd/config.toml %changelog +* Wed Dec 14 2022 CBL-Mariner Servicing Account - 1.6.12-1 +- Auto-upgrade to 1.6.12 - to fix CVE-2022-23471 + * Tue Nov 01 2022 Olivia Crain - 1.6.6-3 - Bump release to rebuild with go 1.18.8 diff --git a/cgmanifest.json b/cgmanifest.json index 78d0377b54..090280a936 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -12143,8 +12143,8 @@ "type": "other", "other": { "name": "moby-containerd", - "version": "1.6.6", - "downloadUrl": "https://github.com/containerd/containerd/archive/v1.6.6.tar.gz" + "version": "1.6.12", + "downloadUrl": "https://github.com/containerd/containerd/archive/v1.6.12.tar.gz" } } }, @@ -28477,4 +28477,4 @@ } ], "Version": 1 -} +} \ No newline at end of file