Skip to content

Fix CVE-2021-44716 (CP #7717).#7815

Merged
PawelWMS merged 1 commit intomainfrom
pawelwi/nicogbg_cp/go-related-modules-CVE-2021-44716
Feb 9, 2024
Merged

Fix CVE-2021-44716 (CP #7717).#7815
PawelWMS merged 1 commit intomainfrom
pawelwi/nicogbg_cp/go-related-modules-CVE-2021-44716

Conversation

@PawelWMS
Copy link
Copy Markdown
Contributor

@PawelWMS PawelWMS commented Feb 9, 2024
edited
Loading

Cherry-pick of #7717.

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

Fix CVE-2021-44716

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

NO

Associated issues
Links to CVEs
Test Methodology

@PawelWMS PawelWMS requested review from a team as code owners February 9, 2024 20:40
@microsoft-github-policy-service microsoft-github-policy-service Bot added the main PR Destined for main label Feb 9, 2024
PawelWMS
PawelWMS commented Feb 9, 2024
View reviewed changes
Comment thread SPECS/keda/keda.spec
* Mon Feb 05 2024 Nicolas Guibourge <nicolasg@microsoft.com> - 2.4.0-18
- Patch CVE-2021-44716

* Mon Feb 05 2024 Daniel McIlvaney <damcilva@microsoft.com> - 2.4.0-17
Copy link
Copy Markdown
Contributor Author

@PawelWMS PawelWMS Feb 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just a missed changelog entry from the PR fixing CVE-2023-44487. All functional changes related to this entry are already inside the spec.

@PawelWMS PawelWMS merged commit fd5e30e into main Feb 9, 2024
@PawelWMS PawelWMS deleted the pawelwi/nicogbg_cp/go-related-modules-CVE-2021-44716 branch February 9, 2024 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hbeberman hbeberman hbeberman approved these changes

+1 more reviewer

@nicogbg nicogbg nicogbg approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

main PR Destined for main

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@PawelWMS @nicogbg @hbeberman