Skip to content

[AUTO-CHERRYPICK] [AutoPR- Security] Patch containerd2 for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136 [CRITICAL] - branch 3.0-dev#17521

Open
CBL-Mariner-Bot wants to merge 6 commits into
3.0-devfrom
cblmargh/cherry-pick-pr-17454-to-3.0-dev
Open

[AUTO-CHERRYPICK] [AutoPR- Security] Patch containerd2 for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136 [CRITICAL] - branch 3.0-dev#17521
CBL-Mariner-Bot wants to merge 6 commits into
3.0-devfrom
cblmargh/cherry-pick-pr-17454-to-3.0-dev

Conversation

@CBL-Mariner-Bot
Copy link
Copy Markdown
Collaborator

@CBL-Mariner-Bot CBL-Mariner-Bot commented May 28, 2026

This is an auto-generated pull request to cherry-pick commit f158b70 to 3.0-dev. Original PR: #17454
In case of no merge conflicts, the PR is merged without approval because it's an automated cherry-pick of an already approved PR.
In case of merge conflicts, an AI-based conflict resolver will attempt to resolve conflicts and might make mistakes. The reviewer must check AI's work before approving.

@CBL-Mariner-Bot CBL-Mariner-Bot added the Auto Fast-track Cherry-pick Automatic cherry-pick from fast-track branch label May 28, 2026
@CBL-Mariner-Bot CBL-Mariner-Bot mentioned this pull request May 28, 2026
Merged
12 tasks
@jslobodzian
Resolve cherry-pick conflicts for CVE-2026-42506, CVE-2026-39821, CVE…
3d4161a 
…-2026-27136

Source patches preserved at Patch5-7. Target CVE-2026-39882 and CVE-2026-33814
renumbered to Patch8-9. Release bumped to 5.
@jslobodzian
Rebase cherry-pick onto 2.2.4 base
0d66f82 
Base upgraded to 2.2.4 on 3.0-dev. Add 3 CVE patches (Patch5-7)
after existing Patch4. Release bumped to 2.
@jslobodzian
Revise changelog for containerd2.spec
f3238bc 
Updated changelog entries for containerd2.spec to reflect recent changes and patches.
@jslobodzian
Change release number to 1 for containerd2.spec
288e28f 
Updated the release number for containerd2 package.
@jslobodzian
Merge branch '3.0-dev' into cblmargh/cherry-pick-pr-17454-to-3.0-dev
da2dbb9
@jslobodzian jslobodzian marked this pull request as ready for review May 29, 2026 16:37
@jslobodzian jslobodzian requested a review from a team as a code owner May 29, 2026 16:37
@jslobodzian
Copy link
Copy Markdown
Collaborator

jslobodzian commented May 29, 2026

/azurepipelines run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines Bot commented May 29, 2026

Azure Pipelines successfully started running 1 pipeline(s).

PawelWMS
PawelWMS approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@PawelWMS PawelWMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change looks good assuming the patches still make sense (and apply) for the 2.2.4 version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcilvaney dmcilvaney dmcilvaney approved these changes

@PawelWMS PawelWMS PawelWMS approved these changes

Assignees

No one assigned

Labels

3.0-dev PRs Destined for AzureLinux 3.0 Auto Fast-track Cherry-pick Automatic cherry-pick from fast-track branch Automatic PR Packaging

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@CBL-Mariner-Bot @jslobodzian @dmcilvaney @PawelWMS @azurelinux-security