Skip to content

chore(deps): refresh rpm lockfiles [SECURITY] #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
konflux-internal-p02 wants to merge 1 commit into
base: release-7.1
Choose a base branch
from
Open

chore(deps): refresh rpm lockfiles [SECURITY] #46

konflux-internal-p02 wants to merge 1 commit into from

Conversation

@konflux-internal-p02
Copy link

@konflux-internal-p02 konflux-internal-p02 bot commented Oct 17, 2025
edited
Loading

This PR contains the following updates:

File rpms.in.yaml:

Package Change
net-snmp-agent-libs 1:5.9.1-17.el9 -> 1:5.9.1-17.el9_7.1
net-snmp-libs 1:5.9.1-17.el9 -> 1:5.9.1-17.el9_7.1
libssh 0.10.4-15.el9_7 -> 0.10.4-17.el9_7
libssh-config 0.10.4-15.el9_7 -> 0.10.4-17.el9_7
openssl 1:3.5.1-4.el9_7 -> 1:3.5.1-5.el9_7
openssl-libs 1:3.5.1-4.el9_7 -> 1:3.5.1-5.el9_7
tzdata 2025b-2.el9 -> 2025c-1.el9

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

CVE-2025-5987

More information

Details

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch 3 times, most recently from f7ad781 to 7de73cc Compare November 4, 2025 04:12
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch 2 times, most recently from b90754e to a868b72 Compare November 4, 2025 12:10
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch 2 times, most recently from 17433c5 to dcb3b49 Compare November 11, 2025 16:12
@Gaurav1A
Copy link

Gaurav1A commented Nov 13, 2025

/retest

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch from dcb3b49 to 25ae355 Compare November 13, 2025 12:18
@Gaurav1A
Copy link

Gaurav1A commented Nov 14, 2025

/retest

@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch from 25ae355 to b29c88c Compare November 19, 2025 08:15
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch 3 times, most recently from c19fcd1 to b254d22 Compare December 3, 2025 12:15
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch from b254d22 to 3372201 Compare December 18, 2025 12:14
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch from 3372201 to 66f6d74 Compare January 12, 2026 04:16
@konflux-internal-p02
chore(deps): refresh rpm lockfiles [SECURITY]
d667982 
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
@konflux-internal-p02 konflux-internal-p02 bot force-pushed the konflux/mintmaker/release-7.1/lock-file-maintenance-vulnerability branch from 66f6d74 to d667982 Compare January 15, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gaurav1A