271108 – net/cloud-init: (and net/cloud-init-devel) security update

Bug 271108 - net/cloud-init: (and net/cloud-init-devel) security update

Summary: net/cloud-init: (and net/cloud-init-devel) security update

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Fernando Apesteguía

URL:	https://github.com/canonical/cloud-in...
Keywords:	security

Depends on:
Blocks:

Reported:	2023-04-27 22:16 UTC by Mina Galić
Modified:	2023-05-01 18:55 UTC (History)
CC List:	4 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (andrey) fernape: merge-quarterly+

Attachments
update net/cloud-init-devel to latest version (2.72 KB, patch) 2023-04-27 22:16 UTC, Mina Galić	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mina Galić freebsd_triage

2023-04-27 22:16:12 UTC

Created attachment 241799 [details]
update net/cloud-init-devel to latest version

For details see:
- Changelog: https://github.com/canonical/cloud-init/releases/tag/23.1.2
- https://bugs.launchpad.net/cloud-init/+bug/2013967
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2023-April/007310.html
- https://ubuntu.com/security/notices/USN-6042-1
- CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1786

Comment 1 Fernando Apesteguía freebsd_committer

2023-04-29 17:58:58 UTC

Reminder to self: vuxml entry.

Comment 2 commit-hook freebsd_committer

2023-05-01 18:11:17 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=20d0afe7bde8940f73935b7195dd426302aae151

commit 20d0afe7bde8940f73935b7195dd426302aae151
Author:     Mina Galić <freebsd@igalic.co>
AuthorDate: 2023-04-29 17:52:54 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-05-01 18:05:29 +0000

    net/cloud-init{-devel}: security update

    ChangeLog: https://github.com/canonical/cloud-init/releases/tag/23.1.2

    PR:             271108
    Reported by:    freebsd@igalic.co
    MFH:            2023Q2 (security updates)
    Security:       CVE-2023-1786

 net/cloud-init-devel/Makefile | 4 ++--
 net/cloud-init-devel/distinfo | 6 +++---
 net/cloud-init/Makefile       | 2 +-
 net/cloud-init/distinfo       | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

Comment 3 commit-hook freebsd_committer

2023-05-01 18:15:19 UTC

A commit in branch 2023Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8ec930f05ac48edbadfe570ebe73bf85384a62d4

commit 8ec930f05ac48edbadfe570ebe73bf85384a62d4
Author:     Mina Galić <freebsd@igalic.co>
AuthorDate: 2023-04-29 17:52:54 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-05-01 18:10:20 +0000

    net/cloud-init{-devel}: security update

    ChangeLog: https://github.com/canonical/cloud-init/releases/tag/23.1.2

    PR:             271108
    Reported by:    freebsd@igalic.co
    MFH:            2023Q2 (security updates)
    Security:       CVE-2023-1786

    (cherry picked from commit 20d0afe7bde8940f73935b7195dd426302aae151)

 net/cloud-init-devel/Makefile | 4 ++--
 net/cloud-init-devel/distinfo | 6 +++---
 net/cloud-init/Makefile       | 2 +-
 net/cloud-init/distinfo       | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

Comment 4 Fernando Apesteguía freebsd_committer

2023-05-01 18:21:09 UTC

Committed and merged to 2023Q2,

Thanks!

Comment 5 Mina Galić freebsd_triage

2023-05-01 18:28:25 UTC

do we have a vulnxml entry yet?

Comment 6 Fernando Apesteguía freebsd_committer

2023-05-01 18:55:20 UTC

(In reply to Mina Galić from comment #5)
Oh, sorry. I failed yo reference this PR in the commit for the vuxml entry :S

https://cgit.freebsd.org/ports/commit/?id=aae5fb58c34773b523ac89772db5b6e4dc9e3260