Closed Bug 1541821 Opened 2 years ago Closed 2 years ago

Update debian7 docker images for CVE-2019-3462 (apt rce)

Categories

(Firefox Build System :: Task Configuration, task)

task
Not set
normal

Tracking

(firefox68 fixed)

RESOLVED FIXED
mozilla68
Tracking Status
firefox68 --- fixed

People

(Reporter: glandium, Assigned: glandium)

References

Details

Attachments

(2 files)

Bug 1532878 did it indirectly for debian9-based images, this is about the debian7-based ones. We'll still need to update the ubuntu-based images after this.

When docker images use setup_packages.sh, they add apt sources. While we
currently do run apt-get update to pick those new sources, if a package
provided by them is already installed and not explicitly listed in
subsequent apt-get install, they're not going to be upgraded.

This imports the changes from wheezy-lts (http://deb.freexian.com/extended-lts/)
and creates a package we install in the debian7-based images (with a
modified version number to work around bug #1419577.

This leaves out debian7-raw and debian7-packages as unpatched, because
of the chicken-and-egg problem.

Depends on D26100

Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/97fa367562a0
Ensure docker images using setup_packages.sh are up-to-date wrt the packages provided there. r=tomprince
https://hg.mozilla.org/integration/autoland/rev/7d60a7fd2fac
Update debian7 docker images for CVE-2019-3462. r=tomprince
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/fabb02fab198
Port bug 1541821: Add deb7-apt package. rs=bustage-fix DONTBUILD
You need to log in before you can comment on or make changes to this bug.