chore(deps): refresh rpm lockfiles [SECURITY] #144

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/mintmaker/main/lock-file-maintenance-vulnerability
@red-hat-konflux red-hat-konflux Bot commented Jun 30, 2026

Contributor

This PR contains the following updates:

File rpms.in.yaml:

| Package | Change |
|---|---|
| glibc | 2.34-270.el9_8 -> 2.34-272.el9_8 |
| glibc-common | 2.34-270.el9_8 -> 2.34-272.el9_8 |
| glibc-gconv-extra | 2.34-270.el9_8 -> 2.34-272.el9_8 |
| glibc-minimal-langpack | 2.34-270.el9_8 -> 2.34-272.el9_8 |

glibc: glibc: Heap Buffer Overflow in scanf with %mc format specifier and large width

CVE-2026-5450

More information

Details

A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.

Severity

Moderate

References

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: (in timezone Etc/UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot requested a review from janisz as a code owner June 30, 2026 17:13
codecov-commenter commented Jun 30, 2026


❌ 2 Tests Failed:

| Tests completed | Failed | Passed | Skipped |
|---|---|---|---|
| 380 | 2 | 378 | 12 |
View the full list of 2 ❄️ flaky test(s)
::policy 1

Flake rate in main: 100.00% (Passed 0 times, Failed 54 times)

Stack Traces | 0s run time
- test violation 1
- test violation 2
- test violation 3
::policy 4

Flake rate in main: 100.00% (Passed 0 times, Failed 54 times)

Stack Traces | 0s run time
- testing multiple alert violation messages 1
- testing multiple alert violation messages 2
- testing multiple alert violation messages 3


github-actions Bot commented Jun 30, 2026


E2E Test Results

Commit: 40ea87b
Workflow Run: View Details
Artifacts: Download test results & logs

=== Evaluation Summary ===

  ✓ cve-clusters-general (assertions: 3/3)
  ✓ cve-cluster-does-exist (assertions: 3/3)
  ✓ cve-detected-workloads (assertions: 3/3)
  ✓ list-clusters (assertions: 3/3)
  ✓ cve-nonexistent (assertions: 3/3)
  ✓ cve-cluster-does-not-exist (assertions: 3/3)
  ✓ rhsa-not-supported (assertions: 2/2)
  ✓ cve-detected-clusters (assertions: 3/3)
  ✓ cve-log4shell (assertions: 3/3)
  ✓ cve-multiple (assertions: 3/3)
  ✓ cve-cluster-list (assertions: 3/3)

Tasks:      11/11 passed (100.00%)
Assertions: 32/32 passed (100.00%)
Tokens:     ~52380 (estimate - excludes system prompt & cache)
MCP schemas: ~12562 (included in token total)
Agent used tokens:
  Input:  12904 tokens
  Output: 20660 tokens
Judge used tokens:
  Input:  32119 tokens
  Output: 27766 tokens

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/lock-file-maintenance-vulnerability branch from 9ca6df1 to 40ea87b Compare July 1, 2026 09:48