From 1b0db90e438c7fb1ee5ceb2516f8a459fa7fe21a Mon Sep 17 00:00:00 2001 From: Wentao Zhang Date: Thu, 21 Mar 2024 00:55:46 -0700 Subject: [PATCH] Debian: openvswitch: fix CVE-2023-3966/CVE-2023-5366/CVE-2024-22563 Upgrade openvswitch's version from 2.15.0+ds1-2+deb11u4 to 2.15.0+ds1-2+deb11u5 to fix CVE-2023-3966/CVE-2023-5366/CVE-2024-22563 Refer to: https://nvd.nist.gov/vuln/detail/CVE-2023-3966 https://nvd.nist.gov/vuln/detail/CVE-2023-5366 https://nvd.nist.gov/vuln/detail/CVE-2024-22563 https://security-tracker.debian.org/tracker/DSA-5640-1 Test Plan: Pass: downloader Pass: build-pkgs --clean --all Pass: build-image Pass: boot Closes-bug: #2057984 Change-Id: I59ac7a2d64cf3f93da081a32e683d36f29055f28 Signed-off-by: Wentao Zhang --- networking/openvswitch/debian/meta_data.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/networking/openvswitch/debian/meta_data.yaml b/networking/openvswitch/debian/meta_data.yaml index 66afb11d6..2343cf059 100644 --- a/networking/openvswitch/debian/meta_data.yaml +++ b/networking/openvswitch/debian/meta_data.yaml @@ -1,10 +1,7 @@ --- debname: openvswitch -debver: 2.15.0+ds1-2+deb11u4 -dl_path: - name: openvswitch-debian-2.15.0+ds1-2+deb11u4.tar.gz - url: https://salsa.debian.org/openstack-team/third-party/openvswitch/-/archive/debian/2.15.0+ds1-2+deb11u4/openvswitch-debian-2.15.0+ds1-2+deb11u4.tar.gz - sha256sum: 87d2fe0e319f66839eddfc9f6c43b7a3cd9c6c71c1b944107cc0a42d7122efd7 +debver: 2.15.0+ds1-2+deb11u5 +archive: https://snapshot.debian.org/archive/debian-security/20240320T004512Z/pool/updates/main/o/openvswitch/ revision: dist: $STX_DIST GITREVCOUNT: