microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 818 коммитов 990 Ветки 457 Теги 862 MiB
Граф коммитов

5818 Коммитов

Автор SHA1 Сообщение Дата
CBL-Mariner Servicing Account 36952f610e Upgrade python-typing-extensions to 4.8.0 pytorch's runtime dep 2024-11-05 19:15:55 +00:00
Riken Maharjan 7a9794662a
Fix CVE-2024-48063 pytorch (#10914) 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-11-04 19:22:43 -05:00
jslobodzian b135b56a80 Revert "[AUTO-CHERRYPICK] Patch CVE-2024-31449 in redis - branch main (#10732)" 
This reverts commit 6cc144262e.
 2024-11-01 15:31:49 -04:00
jslobodzian eeab7e5337 Merge branch '2.0' into fasttrack/2.0 2024-11-01 15:16:52 -04:00
jslobodzian bec03956ca Merge branch 'main' into 2.0 2024-10-28 22:00:57 -04:00
CBL-Mariner-Bot 3eb66d1e29
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade msft-golang to 1.22.8 To fix CVE-2022-41717 - branch main (#10834) 2024-10-25 14:41:49 -04:00
CBL-Mariner-Bot 4401d89fad
[AUTO-CHERRYPICK] Added Patch CVE-2022-25255 for qt5-qtbase - branch main (#10835) 
Co-authored-by: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
 2024-10-25 14:41:25 -04:00
CBL-Mariner-Bot 4dd3ddf0b0
[AUTO-CHERRYPICK] Upgrade mysql to 8.0.40 - branch main (#10809) 
Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>
 2024-10-25 14:40:38 -04:00
jslobodzian 0fbfb7a9f3 Merge branch 'main' into 2.0 2024-10-25 08:51:55 -04:00
CBL-Mariner-Bot 7f7a3b897b
Prepare November 2024 (#10845) 2024-10-25 08:50:34 -04:00
Riken Maharjan 52013b4026
Add missing patch to fasttrack/2.0 from main (#10840) 
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
 2024-10-24 16:24:17 -07:00
Rachel Menge c5b6704f80
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826) 
The rose_bind() function which is used in the AX.25 PLP Rose protocol introduced a race condition which has CVE-2022-2961. Therefore remove rose support.
 2024-10-24 14:40:32 -07:00
CBL-Mariner-Bot df3bf49f96 [AUTO-CHERRYPICK] Patch Reaper for multiple CVEs - branch main (#10735) 
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
Co-authored-by: Riken Maharjan <rmaharjan@microsoft.com>
 2024-10-24 14:59:19 -04:00
Mykhailo Bykhovtsev 228ab4eac1
Added Patch CVE-2022-25255 for qt5-qtbase (#10827) 
Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com>
 2024-10-24 11:46:07 -07:00
CBL-Mariner-Bot 32e1f399bf
[AUTOPATCHER-CORE] Upgrade msft-golang to 1.22.8 To fix CVE-2022-41717 (#10831) 
Co-authored-by: Balakumaran Kannan <kumaran.4353@gmail.com>
 2024-10-24 14:42:42 -04:00
CBL-Mariner-Bot 1729e7544b
[AUTO-CHERRYPICK] Patch Reaper for multiple CVEs - branch main (#10735) 
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
Co-authored-by: Riken Maharjan <rmaharjan@microsoft.com>
 2024-10-23 11:47:18 -07:00
Muhammad Falak R Wani b958bee0c4
curl: address CVE-2024-8096 (#10731) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-10-23 11:40:11 +05:30
Muhammad Falak R Wani 60d78f8b22
nghttp2: address CVE-2024-28182 (#10656) 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-10-23 09:18:37 +05:30
Muhammad Falak R Wani 2ab7767a79
gnutls: upgrade 3.7.7 -> 3.7.11 to address CVE-2023-5981, CVE-2024-28835, CVE-2024-28834 & CVE-2024-0553 (#10578) 
Changelog: https://gitlab.com/gnutls/gnutls/-/blob/3.7.11/NEWS
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-10-23 09:16:25 +05:30
Muhammad Falak R Wani db8338b9b1
apr: upgrade version 1.7.2 -> 1.7.5 to address CVE-2023-49582 (#10749) 
Changelog: https://downloads.apache.org/apr/CHANGES-APR-1.7
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2024-10-23 09:07:02 +05:30
Mitch Zhu 08e99cef68
Patch gdb 11.2 for CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 (#10683) 2024-10-22 13:13:48 -07:00
Sudipta Pandit 91f8315e84
Upgrade mysql to 8.0.40 (#10774) 2024-10-22 14:45:36 -04:00
CBL-Mariner-Bot 78c1dd1dc9
[AUTOPATCHER-CORE] Upgrade php to 8.1.30 CVE-2024-8927, CVE-2024-8925 (#10795) 2024-10-22 12:06:02 +05:30
Dallas Delaney 8f60da79d4
rubygem-async-http: remove version dependency of rubygem-protocol-http1 (#10682) 
Co-authored-by: Dallas Delaney <dadelan@example.com>
 2024-10-21 18:02:58 -07:00
Sudipta Pandit 9cc3b9949b
libpcap: Backport fixes for CVE-2024-8006 (#10793) 2024-10-22 02:04:46 +05:30
Sudipta Pandit 8b11ebddc9
Upgrade redis to 6.2.16 (#10798) 2024-10-22 02:03:49 +05:30
Chris Gunn 770cf87559
fluent-bit: CVE-2024-26455, CVE-2024-25629 (#10739) 2024-10-21 12:09:50 -07:00
Henry Li fece1b0dd3
[2.0] Resolve kubernetes CVE-2024-24786 (#10669) 
Co-authored-by: Henry Li <lihl@microsoft.com>
 2024-10-18 14:02:58 -07:00
CBL-Mariner-Bot 95c646c8e7
[AUTO-CHERRYPICK] Patch vim to resolve CVE-2024-43802 - branch main (#10771) 
Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
 2024-10-18 15:31:55 -04:00
CBL-Mariner-Bot cdd7571aab
[AUTO-CHERRYPICK] libarchive: Patch CVE-2024-48957, CVE-2024-48958, CVE-2024-20696 - branch main (#10770) 
Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
 2024-10-18 15:31:34 -04:00
CBL-Mariner-Bot 054eed9904
[AUTO-CHERRYPICK] Patch terraform to resolve CVE-2022-32149 & CVE-2023-4782 - branch main (#10755) 
Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
 2024-10-18 15:30:59 -04:00
CBL-Mariner-Bot f43a558e8d
[AUTO-CHERRYPICK] Fix CVE 2024 24786 and CVE 2022 41717 for prometheus - branch main (#10737) 
Co-authored-by: bhagyapathak <bhagyapathak@users.noreply.github.com>
 2024-10-18 15:30:42 -04:00
CBL-Mariner-Bot f7e825f60a
[AUTO-CHERRYPICK] Apply security fix for CVE-2024-28180 by patching vendored go-jose - branch main (#10736) 
Co-authored-by: abadawi-msft <108105696+abadawi591@users.noreply.github.com>
 2024-10-18 15:30:21 -04:00
CBL-Mariner-Bot e88c36d034
[AUTO-CHERRYPICK] Upgrade OpenIPMI to 2.0.36 to fix CVE-2024-42934 - branch main (#10734) 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
 2024-10-18 14:55:10 -04:00
CBL-Mariner-Bot a41e552a4e
[AUTO-CHERRYPICK] Patch CVE-2022-28506 and CVE-2023-48161 in giflib - branch main (#10733) 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
 2024-10-18 14:54:26 -04:00
CBL-Mariner-Bot 6cc144262e
[AUTO-CHERRYPICK] Patch CVE-2024-31449 in redis - branch main (#10732) 
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
 2024-10-18 14:53:39 -04:00
Sam Meluch 5a62256ebe
Patch vim to resolve CVE-2024-43802 (#10680) 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-10-17 14:52:13 -04:00
Nan Liu 60d4757cf0
libarchive: Patch CVE-2024-48957, CVE-2024-48958, CVE-2024-20696 (#10757) 2024-10-17 14:44:41 -04:00
Sumedh Alok Sharma 2276e9c6e8
Patch terraform to resolve CVE-2022-32149 & CVE-2023-4782 (#10687) 
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com>
 2024-10-16 11:42:27 -07:00
bhagyapathak 75de93f8e0
Fix CVE 2024 24786 and CVE 2022 41717 for prometheus (#10730) 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-10-15 14:45:56 -04:00
abadawi-msft b7e903a450
Apply security fix for CVE-2024-28180 by patching vendored go-jose (#10725) 2024-10-15 14:44:48 -04:00
Rohit Rawat a5aa5e3630
Patch Reaper for multiple CVEs (#10720) 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-10-15 14:44:22 -04:00
suresh-thelkar fd61ac0d9f
Upgrade OpenIPMI to 2.0.36 to fix CVE-2024-42934 (#10710) 
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-10-15 14:43:44 -04:00
suresh-thelkar ceab85e0a5
Patch CVE-2022-28506 and CVE-2023-48161 in giflib (#10694) 
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
 2024-10-15 14:42:54 -04:00
suresh-thelkar 0031a788fb
Patch CVE-2024-31449 in redis (#10688) 
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
 2024-10-15 14:42:16 -04:00
bhagyapathak 4517ec0599
Fix CVE-2024-47554 for apache-commons-io (#10708) 2024-10-15 11:30:40 +05:30
Sumedh Alok Sharma ca21053edc
Patch cni-plugins to resolve CVE-2023-3978 (#10689) 2024-10-15 11:16:33 +05:30
Henry Li 10ccf03d75
[2.0] Resolve kubernetes CVE-2024-28180 (#10668) 
Co-authored-by: Henry Li <lihl@microsoft.com>
 2024-10-14 22:20:02 -07:00
Henry Li d97b713262
[2.0] Resolve dcos-cli CVE-2024-28180 (#10667) 
Co-authored-by: Henry Li <lihl@microsoft.com>
 2024-10-14 22:19:37 -07:00
Pawel Winogrodzki 2343f6b3c4
Merged October 2.0 release to the fast-track branch (#10701) 
Signed-off-by: Chris Co <chrco@microsoft.com>
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
Co-authored-by: ms-mahuber <60939654+ms-mahuber@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Co-authored-by: Sumynwa <sumsharma@microsoft.com>
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
Co-authored-by: bfjelds <bfjelds@microsoft.com>
Co-authored-by: Bala <kumaran.4353@gmail.com>
Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
Co-authored-by: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
Co-authored-by: sharath-srikanth-chellappa <115591284+sharath-srikanth-chellappa@users.noreply.github.com>
Co-authored-by: Sharath Srikanth Chellappa <sharathsr@microsoft.com>
Co-authored-by: Minghe Ren <mingheren@microsoft.com>
Co-authored-by: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
Co-authored-by: Sudipta Pandit <sudpandit@microsoft.com>
Co-authored-by: Gary Swalling <31018813+gjswalling@users.noreply.github.com>
Co-authored-by: Harshit Gupta <harshitgupta1337@gmail.com>
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
Co-authored-by: Jiri Appl <jiria@microsoft.com>
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
Co-authored-by: flora-taagen <florataagen@microsoft.com>
Co-authored-by: Riken Maharjan <rmaharjan@microsoft.com>
Co-authored-by: himaja-kesari <123194058+himaja-kesari@users.noreply.github.com>
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
 2024-10-14 11:57:39 -04:00