Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

staging-next-23.11 iteration 9 - 2023-05-23 #313968

Merged
merged 89 commits into from
May 29, 2024
Merged

staging-next-23.11 iteration 9 - 2023-05-23 #313968

merged 89 commits into from
May 29, 2024

Conversation

vcunat
Copy link
Member

@vcunat vcunat commented May 23, 2024

github-actions bot and others added 30 commits April 29, 2024 00:14
@github-actions
Merge staging-next-23.11 into staging-23.11
0102148
@LeSuisse
tpm2-tss: 4.0.1 -> 4.0.2
929742e 
Fixes CVE-2024-29040.

Changes:
https://github.com/tpm2-software/tpm2-tss/releases/tag/4.0.2
@github-actions
Merge staging-next-23.11 into staging-23.11
574adba
@marsam @LeSuisse
ruby_3_1: 3.1.4 -> 3.1.5
e90dc7b 
Changelog: https://github.com/ruby/ruby/releases/tag/v3_1_5

Release Notes: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/

(cherry picked from commit f6d863e)
@marsam @LeSuisse
ruby_3_2: 3.2.3 -> 3.2.4
8ff1cac 
Changelog: https://github.com/ruby/ruby/releases/tag/v3_2_4

Release Notes: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-2-4-released/

(cherry picked from commit 938384a)
@marsam @LeSuisse
ruby_3_3: 3.3.0 -> 3.3.1
1ba02c2 
Changelog: https://github.com/ruby/ruby/releases/tag/v3_3_1

Release Notes: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/

(cherry picked from commit e49c774)
@github-actions
Merge staging-next-23.11 into staging-23.11
a0dd4cf
@github-actions
Merge staging-next-23.11 into staging-23.11
a7149b0
@github-actions
Merge staging-next-23.11 into staging-23.11
a304d03
@LeSuisse
python3Packages.aiohttp: apply patches for CVE-2024-30251
9b9edeb 
GHSA-5m98-qgg9-wh84

A slight adjustment has been made to cebe526b9c34dc3a3da9140409db63014bc4cf19 in order
to resolve a conflict in `tests/test_client_functional.py`.
@leona-ya
Merge pull request #307830 from LeSuisse/tpm2-tss-4.0.2-23.11
258b920 
[23.11] tpm2-tss: 4.0.1 -> 4.0.2
@github-actions
Merge staging-next-23.11 into staging-23.11
f6cf9cf
@drupol
Merge pull request #308764 from LeSuisse/aiohttp-CVE-2024-30251-23.11
6a03749 
[23.11] python3Packages.aiohttp: apply patches for CVE-2024-30251
@github-actions
Merge staging-next-23.11 into staging-23.11
3e898bd
@github-actions
Merge staging-next-23.11 into staging-23.11
d604226
@LeSuisse
glibc: 2.38-66 -> 2.38-77
ec0b22a 
Fixes GLIBC-SA-2024-0005 (CVE-2024-33599), GLIBC-SA-2024-0006 (CVE-2024-33600),
GLIBC-SA-2024-0007 (CVE-2024-33601) and GLIBC-SA-2024-0008 (CVE-2024-33602).

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005;h=a59596610a0ea74d905a2452fc50283dad58e115;hb=HEAD
https://sourceware.org/git?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006;h=d44148d3d97bddac42450649032ebbd96b59062e;hb=HEAD
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007;h=b6928fa27a69e325624b1a395ecb1bbba537ad80;hb=HEAD
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008;h=d93e2a6f0bf084df419efadee2d1a48c4f9003d7;hb=HEAD
@mweinelt
python312Packages.django_4: 4.2.11 -> 4.2.12
2228c98 
https://docs.djangoproject.com/en/4.2/releases/4.2.12/

(cherry picked from commit f3c3f0f)
@github-actions
Merge release-23.11 into staging-next-23.11
af3d5c1
@github-actions
Merge staging-next-23.11 into staging-23.11
f983582
@github-actions
Merge release-23.11 into staging-next-23.11
8074e03
@github-actions
Merge staging-next-23.11 into staging-23.11
8da938c
@Ma27
Merge pull request #309644 from LeSuisse/glibc-2.38-77-23.11
1e49b5f 
[23.11] glibc: 2.38-66 -> 2.38-77
@stigtsp @github-actions
python3Packages.python-jose: add patches for CVE-2024-33663 and CVE-2…
4d5f1b1 
…024-33664

(cherry picked from commit f05f40d)
@leona-ya
Merge pull request #310137 from NixOS/backport-309943-to-staging-23.11
50598ca 
[Backport staging-23.11] python3Packages.python-jose: Add patches for CVE-2024-33663 and CVE-2024-33664
@github-actions
Merge release-23.11 into staging-next-23.11
4697495
@github-actions
Merge staging-next-23.11 into staging-23.11
f25e1a7
@github-actions
Merge release-23.11 into staging-next-23.11
8169e43
@github-actions
Merge staging-next-23.11 into staging-23.11
be51545
@leona-ya
glib: 2.78.4 -> 2.78.6
b62a58d 
https://gitlab.gnome.org/GNOME/glib/-/compare/2.78.4...2.78.6
https://gitlab.gnome.org/GNOME/glib/-/blob/2.78.5/NEWS
https://gitlab.gnome.org/GNOME/glib/-/blob/2.78.6/NEWS

CVE-2024-34397
@Ma27
postgresql: 12.18 -> 12.19, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 1…
5ecfec6 
…5.7, 16.2 -> 16.3, fix CVE-2024-4317

Announcement: Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/

Backport of #310580
@vcunat vcunat merged commit c0ac4cd into release-23.11 May 29, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kalbasit kalbasit Awaiting requested review from kalbasit kalbasit is a code owner

@Mic92 Mic92 Awaiting requested review from Mic92 Mic92 is a code owner

@zowoq zowoq Awaiting requested review from zowoq zowoq is a code owner

@thoughtpolice thoughtpolice Awaiting requested review from thoughtpolice thoughtpolice is a code owner

@marsam marsam Awaiting requested review from marsam

Assignees
No one assigned
Labels
1.severity: security 6.topic: golang 6.topic: python 6.topic: ruby 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-darwin-stdenv 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 10.rebuild-linux-stdenv
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet