Skip to content

chore(deps): refresh rpm lockfiles [SECURITY]#3146

Open
red-hat-konflux[bot] wants to merge 1 commit intorelease-3.23from
konflux/mintmaker/release-3.23/lock-file-maintenance-vulnerability
Open

chore(deps): refresh rpm lockfiles [SECURITY]#3146
red-hat-konflux[bot] wants to merge 1 commit intorelease-3.23from
konflux/mintmaker/release-3.23/lock-file-maintenance-vulnerability

Conversation

@red-hat-konflux
Copy link
Contributor

@red-hat-konflux red-hat-konflux bot commented Mar 24, 2026
edited
Loading

This PR contains the following updates:

File rpms.in.yaml:

Package Change
coreutils 8.30-16.el8_10 -> 8.30-17.el8_10
coreutils-common 8.30-16.el8_10 -> 8.30-17.el8_10
curl 7.61.1-34.el8_10.10 -> 7.61.1-34.el8_10.11
gnutls 3.6.16-8.el8_10.4 -> 3.6.16-8.el8_10.5
libcurl 7.61.1-34.el8_10.10 -> 7.61.1-34.el8_10.11
libcurl-devel 7.61.1-34.el8_10.10 -> 7.61.1-34.el8_10.11
platform-python 3.6.8-73.el8_10 -> 3.6.8-74.el8_10
python3-libs 3.6.8-73.el8_10 -> 3.6.8-74.el8_10

gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

CVE-2025-9820

More information

Details

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Severity

Moderate

References

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

CVE-2025-14831

More information

Details

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Severity

Moderate

References

python: cpython: URL parser allowed square brackets in domain names

CVE-2025-0938

More information

Details

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux
chore(deps): refresh rpm lockfiles [SECURITY]
440e70a 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot requested a review from rhacs-bot as a code owner March 24, 2026 14:02
@red-hat-konflux red-hat-konflux bot requested a review from a team as a code owner March 24, 2026 14:02
@red-hat-konflux red-hat-konflux bot requested a review from a team as a code owner March 24, 2026 14:02
@red-hat-konflux red-hat-konflux bot added the rebuild-test-container Rebuild the collector-tests container. label Mar 24, 2026
@red-hat-konflux red-hat-konflux bot enabled auto-merge (squash) March 24, 2026 14:02
rhacs-bot
rhacs-bot approved these changes Mar 24, 2026
View reviewed changes
Copy link
Contributor

@rhacs-bot rhacs-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by automation.

@github-actions
Copy link

github-actions bot commented Mar 24, 2026

/retest collector-on-push

@codecov-commenter
Copy link

codecov-commenter commented Mar 24, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.61%. Comparing base (a39fd3e) to head (440e70a).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@              Coverage Diff              @@
##           release-3.23    #3146   +/-   ##
=============================================
  Coverage         27.61%   27.61%           
=============================================
  Files                96       96           
  Lines              5424     5424           
  Branches           2523     2523           
=============================================
  Hits               1498     1498           
  Misses             3214     3214           
  Partials            712      712
Flag Coverage Δ
collector-unit-tests 27.61% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhacs-bot rhacs-bot rhacs-bot approved these changes

Assignees

No one assigned

Labels

auto-approve build-builder-image rebuild-test-container Rebuild the collector-tests container.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @rhacs-bot