Skip to content

Update debian image from bullseye to bookworm to fix CVEs#1694

Merged
Sneha-at merged 1 commit into
kubernetes-sigs:masterfrom
Sneha-at:cve_fixes
Jun 4, 2024
Merged

Update debian image from bullseye to bookworm to fix CVEs#1694
Sneha-at merged 1 commit into
kubernetes-sigs:masterfrom
Sneha-at:cve_fixes

Conversation

@Sneha-at
Copy link
Copy Markdown
Contributor

@Sneha-at Sneha-at commented Apr 30, 2024
edited
Loading

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:
Update debian base image to bookworm as all bullseye version are stale and does not contain the fix for CVE-2024-33600, CVE-2024-33602, CVE-2024-2961, CVE-2024-33601, CVE-2024-33599
Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Update debian base image from bullseye to bookworm to fix CVE-2024-33600, CVE-2024-33602, CVE-2024-2961, CVE-2024-33601, CVE-2024-33599

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 30, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 30, 2024
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 30, 2024
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented Apr 30, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Apr 30, 2024
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels May 9, 2024
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented May 9, 2024

/retest-required

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 10, 2024
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented May 10, 2024

/retest-required

@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented May 10, 2024

/retest

pwschuurman
pwschuurman reviewed May 11, 2024
View reviewed changes
Comment thread Dockerfile
Comment thread Dockerfile Outdated
Comment thread Dockerfile
Comment thread Dockerfile Outdated
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented May 24, 2024

/retest

@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented May 24, 2024

/retest

@Sneha-at Sneha-at marked this pull request as ready for review May 29, 2024 17:50
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels May 29, 2024
@k8s-ci-robot k8s-ci-robot requested a review from saikat-royc May 29, 2024 17:51
@Sneha-at Sneha-at changed the title Update debian image to fix CVE-2024-2961 Update debian image to fix CVE-2024-33600 CVE-2024-33602 CVE-2024-2961 CVE-2024-33601 CVE-2024-33599 May 29, 2024
@k8s-ci-robot k8s-ci-robot removed the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 29, 2024
@pwschuurman
Copy link
Copy Markdown
Contributor

pwschuurman commented May 29, 2024

Hmm, we never added verify-docker-deps.sh to the presubmit.

Can you validate that the image has all dependencies by running:

./hack/verify-docker-deps.sh

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 4, 2024
@pwschuurman
Copy link
Copy Markdown
Contributor

pwschuurman commented Jun 4, 2024

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 4, 2024
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Jun 4, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pwschuurman, Sneha-at

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 4, 2024
@Sneha-at Sneha-at merged commit 6d2a1b2 into kubernetes-sigs:master Jun 4, 2024
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented Jun 5, 2024

/cherry-pick release-1.13

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Jun 5, 2024

@Sneha-at: new pull request created: #1734

Details

In response to this:

/cherry-pick release-1.13

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Jun 5, 2024
Merged
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented Jun 5, 2024

/cherry-pick release-1.12

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Jun 5, 2024

@Sneha-at: new pull request created: #1735

Details

In response to this:

/cherry-pick release-1.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Jun 5, 2024
Merged
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented Jun 6, 2024

/cherry-pick release-1.11

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Jun 6, 2024

@Sneha-at: new pull request created: #1737

Details

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Jun 6, 2024
Merged
@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented Jun 7, 2024

/cherry-pick release-1.10

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Jun 7, 2024
Merged
@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Jun 7, 2024

@Sneha-at: new pull request created: #1738

Details

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@Sneha-at
Copy link
Copy Markdown
Contributor Author

Sneha-at commented Jun 7, 2024

/cherry-pick release-1.9

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Jun 7, 2024

@Sneha-at: new pull request created: #1739

Details

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Jun 7, 2024
Merged
hime added a commit to hime/gcp-compute-persistent-disk-csi-driver that referenced this pull request Jun 22, 2024
@hime
Undo kubernetes-sigs#1694
42e86ee
@Fricounet Fricounet mentioned this pull request Jun 24, 2024
Closed
@pwschuurman pwschuurman mentioned this pull request Jun 25, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pwschuurman pwschuurman pwschuurman left review comments

@mattcary mattcary Awaiting requested review from mattcary

@songjiaxun songjiaxun Awaiting requested review from songjiaxun

@saikat-royc saikat-royc Awaiting requested review from saikat-royc

Assignees

@pwschuurman pwschuurman

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Sneha-at @k8s-ci-robot @pwschuurman @k8s-infra-cherrypick-robot