The following packages have been upgraded, to address the mentioned CVEs:
- upgrade 'jinja2' from 3.1.3-1 to 3.1.5-1gl0
  - CVE-2024-56326
  - CVE-2024-34064
  - CVE-2024-56201
- upgrade 'linux' from 6.6.63-0gl0~bp1592 to 6.6.71-0gl0~bp1592
  - CVE-2025-21630
  - CVE-2024-57937
- upgrade 'python3.12' from 3.12.7-1gl1~bp1592 to 3.12.8-5gl0~bp1592
  - CVE-2024-12254
  - CVE-2024-9287
- upgrade 'runc' from 1.1.12+ds1-2gardenlinux0 to 1.1.15+ds1-1gl0
  - CVE-2024-45310
- upgrade 'rsync' from 3.3.0-1 to 3.3.0+ds1-4gl0~bp1592
  - CVE-2024-12088
  - CVE-2024-12086
  - CVE-2024-12085
  - CVE-2024-12747
  - CVE-2024-12084
  - CVE-2024-12087
- upgrade 'curl' from 8.11.0-1gl0 to 8.11.1-1gl0
  - CVE-2024-11053

This is interesting, we have some mismatches. Within the kernel, we had 3 entries, which we chose since they seemed impactful enough IMHO. So, not that relevant for now. But for
- jinja2, we only have two entries detected by bdba, but here we do have three entries. 🤔
- python, we only saw a single CVE as well.
- runc had two detected, but here we only have a single one shown.

In short, we see different data sets of CVEs provided by different sources. That is not surprising, but we would have expected the entries from bdba to be more attuned. But the CVE we see in jinja2 is not analyzed yet, so maybe that's why it is not there yet? (https://nvd.nist.gov/vuln/detail/CVE-2024-34064)