Red Hat Internal Developer Platform: RHIDP-8185

[kfuxRelease.sh] support adding BZ links for container update CVEs

    • Type: Task
    • Resolution: Done
    • Priority: Major
    • 1.6.3
    • 1.6.3
    • Release
    • None
    • RHDH COPE 3277

      For the 1.6.3 release, we're currently only tracking some container image updates

      So the `krufRelease.sh` syntax can use `--issues RHIDP-8137, RHIDP-8136`

      Similarly for 1.5.4: `--issues RHIDP-8146, RHIDP-8145`

      However it would be cool to be able to link the RHBA to the UBI9 BZ that fixed some CVEs.

      For 1.6.3 and 1.5.4, this is

      which was fixed with

      So we should be able to also list BZs like these:

      • BZ - 2372373 - CVE-2025-49794 libxml: Heap use after free (UAF) leads to Denial of service (DoS)
      • BZ - 2372385 - CVE-2025-49796 libxml: Type confusion leads to Denial of service (DoS)
      • BZ - 2372406 - CVE-2025-6021 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

      For syntax, see https://konflux.pages.redhat.com/docs/users/releasing/releasing-with-an-advisory.html
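Added example, not code from this ticket or from the release script it describes: a Python sketch of how a `--issues` value mixing Jira keys and Bugzilla ids could be split into advisory entries with the correct tracker source, with the BZ summary lines quoted above parsed for their CVE ids. The `issues.fixed` (`id`/`source`) and `cves` (`key`/`component`) keys, the source hostnames, and the function names are my assumptions about the shape described in the linked Konflux docs; verify them against those docs before relying on the output.

```python
"""Build advisory release-note entries from a `--issues` list plus BZ summaries.

Added example (not the project's release script). The YAML shape
(issues.fixed with id/source, cves with key/component) and the source
hostnames are assumptions taken from the linked Konflux advisory docs.
"""
import re
from typing import Dict, List

# Jira key such as RHIDP-8137; BZ id as bare digits or BZ-2372373.
JIRA_KEY = re.compile(r"^[A-Z][A-Z0-9]+-\d+$")
BZ_ID = re.compile(r"^(?:BZ-?)?(\d{6,8})$", re.IGNORECASE)
# Bugzilla summary lines in the form quoted in the ticket:
#   "BZ - 2372373 - CVE-2025-49794 libxml: Heap use after free ..."
BZ_SUMMARY = re.compile(r"^BZ\s*-\s*(\d+)\s*-\s*(CVE-\d{4}-\d{4,})\s+([^:\s]+):")

JIRA_SOURCE = "issues.redhat.com"      # assumed source name
BZ_SOURCE = "bugzilla.redhat.com"      # assumed source name

# Constructed sample input: the three BZ lines quoted in the ticket.
SAMPLE_BZ_LINES = [
    "BZ - 2372373 - CVE-2025-49794 libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
    "BZ - 2372385 - CVE-2025-49796 libxml: Type confusion leads to Denial of service (DoS)",
    "BZ - 2372406 - CVE-2025-6021 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
]


def parse_issue_list(raw: str) -> List[Dict[str, str]]:
    """Split a `--issues` value into issues.fixed entries with a tracker source.

    Unknown tokens raise instead of being dropped, so a typo in the release
    command cannot silently leave a CVE fix out of the advisory.
    """
    entries: List[Dict[str, str]] = []
    for token in re.split(r"[,\s]+", raw.strip()):
        if not token:
            continue
        # BZ first: "BZ-2372373" would otherwise also satisfy the Jira pattern.
        bz = BZ_ID.match(token)
        if bz:
            entries.append({"id": bz.group(1), "source": BZ_SOURCE})
            continue
        if JIRA_KEY.match(token):
            entries.append({"id": token, "source": JIRA_SOURCE})
            continue
        raise ValueError(f"unrecognised issue reference: {token!r}")
    return entries


def build_release_notes(issues_arg: str, bz_summaries: List[str]) -> Dict[str, list]:
    """Merge --issues entries with BZ summary lines; BZ ids are deduplicated."""
    fixed = parse_issue_list(issues_arg)
    seen = {(e["id"], e["source"]) for e in fixed}
    cves: List[Dict[str, str]] = []
    for line in bz_summaries:
        m = BZ_SUMMARY.match(line.strip())
        if not m:
            raise ValueError(f"cannot parse BZ summary: {line!r}")
        bz_id, cve, component = m.groups()
        if (bz_id, BZ_SOURCE) not in seen:
            seen.add((bz_id, BZ_SOURCE))
            fixed.append({"id": bz_id, "source": BZ_SOURCE})
        cves.append({"key": cve, "component": component})
    return {"fixed": fixed, "cves": cves}


def render_yaml(notes: Dict[str, list]) -> str:
    """Render the releaseNotes fragment by hand (no PyYAML dependency)."""
    lines = ["releaseNotes:", "  issues:", "    fixed:"]
    for e in notes["fixed"]:
        lines.append(f"      - id: {e['id']}")
        lines.append(f"        source: {e['source']}")
    if notes["cves"]:
        lines.append("  cves:")
        for c in notes["cves"]:
            lines.append(f"    - key: {c['key']}")
            lines.append(f"      component: {c['component']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    notes = build_release_notes("RHIDP-8137, RHIDP-8136, BZ-2372373", SAMPLE_BZ_LINES)
    print(render_yaml(notes))
```

The component is taken from the BZ summary as written (`libxml` on two lines, `libxml2` on the third), so the rendered output reflects whatever inconsistency the summaries carry; a real script would want to normalise that against the container's package list.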

              Nick Boldt (nickboldt)
              RHIDP - Cope