Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zot/2.1.1-r1: cve remediation #29081

Merged
merged 1 commit into from
Sep 21, 2024
Merged

zot/2.1.1-r1: cve remediation #29081

merged 1 commit into from
Sep 21, 2024

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Sep 21, 2024

@github-actions GitHub Actions
Copy link
Contributor

Package zot: Click to expand/collapse

Package zot:

.PKGINFO metadata:

  (
  	"""
  	# Generated by melange
  	pkgname = zot
- 	pkgver = 2.1.1-r1
+ 	pkgver = 2.1.1-r2
  	arch = x86_64
- 	size = 173361776
+ 	size = 173624572
  	origin = zot
  	pkgdesc = A production-ready vendor-neutral OCI-native container image registry (purely based on OCI Distribution Specification)
  	url = 
- 	commit = fea4fa1fb86c3c992cd84b5ffaa83061191f8e06
- 	builddate = 1726160336
+ 	commit = 140207b4de1933dadbd682e40e2d48e12bf7ba7a
  	license = Apache-2.0
  	depend = ca-certificates-bundle
  	depend = so:ld-linux-x86-64.so.2
- 	provides = cmd:zli=2.1.1-r1
- 	provides = cmd:zot=2.1.1-r1
- 	datahash = cbf03038ec59c783e30a7d08a679dfd1a3deb1cb276d9d82b5923e3a3482877f
+ 	provides = cmd:zli=2.1.1-r2
+ 	provides = cmd:zot=2.1.1-r2
+ 	datahash = 770bee6db5475ac92a4c8896af4994e036be4213449fae181c90aaf96bce7664
  	"""
  )

Modified: /usr/bin/zli
Modified: /usr/bin/zot

bincapz found differences: Click to expand/collapse

Changed: /tmp/wolfictl-apk-117269033/zot/usr/bin/zot

1 new behaviors

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/stat Uses 'netstat' for network information netstat histogram

1 removed behaviors

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM ref/extensions/office References multiple Office file extensions (possible exfil) docx
ppt
xlsx

Moved: zot/var/lib/db/sbom/zot-2.1.1-r1.spdx.json -> /tmp/wolfictl-apk-117269033/zot/var/lib/db/sbom/zot-2.1.1-r2.spdx.json (similarity: 0.99)

@octo-sts octo-sts bot enabled auto-merge (squash) September 21, 2024 09:01
@octo-sts octo-sts bot merged commit f2a7b8e into main Sep 21, 2024
11 checks passed
@octo-sts octo-sts bot deleted the cve-zot-684882c009d2a8a4109ebb36e8ad92cc branch September 21, 2024 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions GitHub Actions github-actions approved these changes

Assignees
No one assigned
Labels
auto-approver-bot/approve automated pr bincapz/pass GHSA-c77r-fh37-x2px go/bump request-cve-remediation zot/2.1.1-r1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants