*** Bug 2002753 has been marked as a duplicate of this bug. ***
*** Bug 2019913 has been marked as a duplicate of this bug. ***
Ok, so standard process in these situations is to assign a new CVE for the CVE we claimed to fix already in an RHSA. I can take care of that on the ProdSec side, I've already converted bz#2027736 to track a new flaw bug (bz#2027881) which is where we'll assign the new CVE.
Couple more questions:
* We've only shipped an RHSA for CVE-2021-39242 in OCP 4.9.z, but are other packages waiting to be released that are also missing this patch? (rhel-9 perhaps?)
* Can we ensure that the upcoming OCP 4.8, 4.7 releases include all four CVE fixes?
Miciah, since it seems like you were the one who discovered this issue, would you like to be publicly acknowledged as the reporter on the new CVE page?
(In reply to Sam Fowler from comment #17)
> Miciah, since it seems like you were the one who discovered this issue,
> would you like to be publicly acknowledged as the reporter on the new CVE
> page?
No need for acknowledgement. If it's preferable to put a name on it, you may put my name, but otherwise no need.
Attachment 20 and attachment 21 look correct. All CVE patches are accounted for in each attachment.
Sorry, I meant attachment 1845079 from comment 20 and attachment 1845080 from comment 21 look correct.
Verified in "4.8.0-0.nightly-2021-12-18-022810" release version. The rpm has been updated and no regression issue found:
------
oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2021-12-18-022810   True        False         6m5s    Cluster version is 4.8.0-0.nightly-2021-12-18-022810
sh-4.4$ haproxy -v
HA-Proxy version 2.2.13-5f3eb59 2021/04/02 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.13.html
Running on: Linux 4.18.0-305.30.1.el8_4.x86_64 #1 SMP Tue Nov 30 13:13:11 EST 2021 x86_64
sh-4.4$ rpm -qa haproxy22
haproxy22-2.2.13-2.el8.x86_64
------
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.25 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:5208