Skip to content

Fix security scan #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Oct 23, 2025
Merged

Fix security scan #204

merged 21 commits into from
Oct 23, 2025

Conversation

@ipsita-npg
Copy link
Contributor

Pull Request Template

Description

Package: passwd
Installed Version: 1:4.13+dfsg1-1+b1
Vulnerability CVE-2023-4641
Severity: MEDIUM
Fixed Version: 1:4.13+dfsg1-1+deb12u1
Link: CVE-2023-4641

Debian package management (apt) is used in download image script and it install the vulnerable passwd package as part of apt update

Fixes # (issue)
updated script to used fixed version of the passwd package (shadow-utils) .

Any Newly Introduced Dependencies

Please describe any newly introduced 3rd party dependencies in this change.
List their name, license information, and how they are used in the project.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions
so we can reproduce. Please also list any relevant details for your test configuration.

Checklist

  • I agree to use the APACHE-2.0 license for my code changes
  • I have not introduced any 3rd party dependency changes
  • I have performed a self-review of my code

@ipsita-npg ipsita-npg changed the title Fix security scan Fix security scan [WIP] Sep 10, 2025
@ppanigra ppanigra marked this pull request as ready for review September 22, 2025 06:43
krishnajs
krishnajs previously approved these changes Sep 22, 2025
View reviewed changes
@ipsita-npg ipsita-npg changed the title Fix security scan [WIP] Fix security scan Sep 22, 2025
@ipsita-npg ipsita-npg enabled auto-merge (squash) September 22, 2025 16:35
abjyoti
abjyoti previously approved these changes Oct 17, 2025
View reviewed changes
Copy link
Contributor

@abjyoti abjyoti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ppanigra ppanigra requested a review from abjyoti October 17, 2025 16:46
abjyoti
abjyoti approved these changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@abjyoti abjyoti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ipsita-npg ipsita-npg merged commit 74c49dc into main Oct 23, 2025
19 checks passed
@ipsita-npg ipsita-npg deleted the security-fix branch October 23, 2025 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abjyoti abjyoti abjyoti approved these changes

@krishnajs krishnajs krishnajs left review comments

@Ram-srini Ram-srini Awaiting requested review from Ram-srini Ram-srini is a code owner

@shankarsrinivas1 shankarsrinivas1 Awaiting requested review from shankarsrinivas1 shankarsrinivas1 is a code owner

@punam20 punam20 Awaiting requested review from punam20 punam20 is a code owner

Assignees

No one assigned

Labels

CI 🤖 root standalone-node

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ipsita-npg @krishnajs @abjyoti @sys-orch @ppanigra