Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1924428: CVE-2021-3121 gogo/protobuf lacks certain index validation #625

Merged
merged 1 commit into from
Jul 29, 2021
Merged

Bug 1924428: CVE-2021-3121 gogo/protobuf lacks certain index validation #625

merged 1 commit into from
Jul 29, 2021

Conversation

arjunrn
Copy link
Contributor

@arjunrn arjunrn commented Jul 8, 2021

Updated all k/k dependencies to address the CVE-2021-3121.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 8, 2021

@arjunrn: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

Updated vendored upstream dependencies

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@arjunrn arjunrn changed the title Updated vendored upstream dependencies Bug 1924440: CVE-2021-3121 gogo/protobuf lacks certain index validation Jul 8, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 8, 2021

@arjunrn: This pull request references Bugzilla bug 1924440, which is invalid:

  • expected the bug to be open, but it isn't
  • expected the bug to target the "4.7.z" release, but it targets "4.8.0" instead
  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is CLOSED (NEXTRELEASE) instead
  • expected Bugzilla bug 1924440 to depend on a bug targeting a release in 4.8.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1924440: CVE-2021-3121 gogo/protobuf lacks certain index validation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Jul 8, 2021
@arjunrn
Copy link
Contributor Author

arjunrn commented Jul 8, 2021

/bugzilla refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 8, 2021

@arjunrn: This pull request references Bugzilla bug 1924440, which is invalid:

  • expected the bug to be open, but it isn't
  • expected the bug to target the "4.7.z" release, but it targets "4.8.0" instead
  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is CLOSED (NEXTRELEASE) instead
  • expected Bugzilla bug 1924440 to depend on a bug targeting a release in 4.8.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@arjunrn arjunrn changed the title Bug 1924440: CVE-2021-3121 gogo/protobuf lacks certain index validation Bug 1924428: CVE-2021-3121 gogo/protobuf lacks certain index validation Jul 8, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 8, 2021

@arjunrn: This pull request references Bugzilla bug 1924428, which is invalid:

  • expected the bug to target the "4.7.z" release, but it targets "4.9.0" instead
  • expected Bugzilla bug 1924428 to depend on a bug targeting a release in 4.8.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1924428: CVE-2021-3121 gogo/protobuf lacks certain index validation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@arjunrn
Copy link
Contributor Author

arjunrn commented Jul 8, 2021

/bugzilla refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 8, 2021

@arjunrn: This pull request references Bugzilla bug 1924428, which is invalid:

  • expected the bug to target the "4.7.z" release, but it targets "4.9.0" instead
  • expected Bugzilla bug 1924428 to depend on a bug targeting a release in 4.8.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@arjunrn
Copy link
Contributor Author

arjunrn commented Jul 8, 2021

/bugzilla refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 8, 2021

@arjunrn: This pull request references Bugzilla bug 1924428, which is invalid:

  • expected Bugzilla bug 1924428 to depend on a bug targeting a release in 4.8.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@arjunrn
Copy link
Contributor Author

arjunrn commented Jul 9, 2021

/bugzilla refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 9, 2021

@arjunrn: This pull request references Bugzilla bug 1924428, which is invalid:

  • expected the bug to target the "4.7.z" release, but it targets "4.9.0" instead
  • expected Bugzilla bug 1924428 to depend on a bug targeting a release in 4.8.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wking wking added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Jul 20, 2021
@wking
Copy link
Member

wking commented Jul 20, 2021

Waiving the Bugzilla process, because this is bumping deps to catch up with deps that have already been bumped in 4.8+.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 20, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 20, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: arjunrn, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 20, 2021
@openshift-bot
Copy link
Contributor

/retest-required

Please review the full test history for this PR and help us cut down flakes.

@aravindhp aravindhp added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jul 29, 2021
@openshift-merge-robot openshift-merge-robot merged commit c07975c into openshift:release-4.7 Jul 29, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 29, 2021

@arjunrn: All pull requests linked via external trackers have merged:

Bugzilla bug 1924428 has been moved to the MODIFIED state.

In response to this:

Bug 1924428: CVE-2021-3121 gogo/protobuf lacks certain index validation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@arjunrn arjunrn deleted the update-gogo-protobuf branch July 29, 2021 06:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LalatenduMohanty LalatenduMohanty Awaiting requested review from LalatenduMohanty

@wking wking Awaiting requested review from wking

Assignees

@wking wking

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@arjunrn @wking @openshift-bot @aravindhp @openshift-merge-robot