chore(deps): update registry.redhat.io/openshift4/ose-oauth-proxy docker digest to ef10b2e [security] - abandoned #2754
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ker digest to ef10b2e [security] Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: konflux-internal-p02[bot] The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Hi @konflux-internal-p02[bot]. Thanks for your PR. I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
konflux-internal-p02
bot
changed the title
Author
Autoclosing SkippedThis PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error. |
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3e78ec8->ef10b2egolang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
CVE-2025-22868
More information
Details
A flaw was found in the
golang.org/x/oauth2/jwspackage in the token parsing component. This vulnerability is made possible because of the use ofstrings.Split(token, ".")to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of.characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.Severity
Important
References
golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
CVE-2025-30204
More information
Details
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
Severity
Important
References
libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
CVE-2025-6021
More information
Details
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Severity
Important
References
sudo: LPE via host option
CVE-2025-32462
More information
Details
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (
-hor--host). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (-lor--list) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.Severity
Important
References
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.