Skip to content

chore(deps): refresh rpm lockfiles [SECURITY] #2847

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
red-hat-konflux wants to merge 2 commits into
base: release-3.22
Choose a base branch
from
Open

chore(deps): refresh rpm lockfiles [SECURITY] #2847

red-hat-konflux wants to merge 2 commits into from
+256 −256

Conversation

@red-hat-konflux
Copy link
Contributor

@red-hat-konflux red-hat-konflux bot commented Feb 2, 2026
edited
Loading

This PR contains the following updates:

File rpms.in.yaml:

Package Change
kernel-headers 4.18.0-553.100.1.el8_10 -> 4.18.0-553.104.1.el8_10
libblkid 2.32.1-47.el8_10 -> 2.32.1-48.el8_10
libfdisk 2.32.1-47.el8_10 -> 2.32.1-48.el8_10
libmount 2.32.1-47.el8_10 -> 2.32.1-48.el8_10
libsmartcols 2.32.1-47.el8_10 -> 2.32.1-48.el8_10
libuuid 2.32.1-47.el8_10 -> 2.32.1-48.el8_10
libuuid-devel 2.32.1-47.el8_10 -> 2.32.1-48.el8_10
platform-python 3.6.8-72.el8_10 -> 3.6.8-73.el8_10
python3-libs 3.6.8-72.el8_10 -> 3.6.8-73.el8_10
util-linux 2.32.1-47.el8_10 -> 2.32.1-48.el8_10

util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-14104

More information

Details

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Severity

Moderate

References

cpython: wsgiref.headers.Headers allows header newline injection in Python

CVE-2026-0865

More information

Details

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Severity

Moderate

References

cpython: POP3 command injection in user-controlled commands

CVE-2025-15367

More information

Details

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.

Severity

Moderate

References

cpython: email header injection due to unquoted newlines

CVE-2026-1299

More information

Details

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules, allowing an attacker to inject email headers and potentially modify message recipients or the email body, and spoof sender information.

Severity

Moderate

References

cpython: IMAP command injection in user-controlled commands

CVE-2025-15366

More information

Details

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux bot requested a review from rhacs-bot as a code owner February 2, 2026 05:07
@red-hat-konflux red-hat-konflux bot requested review from a team as code owners February 2, 2026 05:07
@red-hat-konflux red-hat-konflux bot added rebuild-test-container Rebuild the collector-tests container. auto-approve labels Feb 2, 2026
rhacs-bot
rhacs-bot approved these changes Feb 2, 2026
View reviewed changes
Copy link
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

rhacs-bot
rhacs-bot approved these changes Feb 2, 2026
View reviewed changes
Copy link
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

@github-actions
Copy link

github-actions bot commented Feb 2, 2026

/retest collector-on-push

@codecov-commenter
Copy link

codecov-commenter commented Feb 2, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.61%. Comparing base (d228b7f) to head (85828a7).
⚠️ Report is 1 commits behind head on release-3.22.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@              Coverage Diff              @@
##           release-3.22    #2847   +/-   ##
=============================================
  Coverage         27.61%   27.61%           
=============================================
  Files                96       96           
  Lines              5424     5424           
  Branches           2523     2523           
=============================================
  Hits               1498     1498           
  Misses             3214     3214           
  Partials            712      712
Flag Coverage Δ
collector-unit-tests 27.61% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-3.22/lock-file-maintenance-vulnerability branch 4 times, most recently from e2e4dac to 95779ac Compare February 5, 2026 17:56
@red-hat-konflux
chore(deps): refresh rpm lockfiles [SECURITY]
4754c7d 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/release-3.22/lock-file-maintenance-vulnerability branch from 95779ac to 4754c7d Compare February 9, 2026 05:16
@github-actions
Copy link

github-actions bot commented Feb 9, 2026

/retest collector-on-push

@red-hat-konflux
Copy link
Contributor Author

red-hat-konflux bot commented Feb 9, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhacs-bot rhacs-bot rhacs-bot approved these changes

Assignees

No one assigned

Labels

auto-approve build-builder-image rebuild-test-container Rebuild the collector-tests container.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @rhacs-bot