Skip to content

1.144.0
Compare
Choose a tag to compare
@cf-buildpacks-eng cf-buildpacks-eng released this 17 Sep 15:34
· 30 commits to main since this release
1.144.0
8f061ee

Notably, this release addresses:

USN-7012-1 curl vulnerability:

  • CVE-2024-8096:
    When curl is told to use the Certificate Status Request TLS extension,
    often referred to as OCSP stapling, to verify that the server certificate
    is valid, it might fail to detect some OCSP problems and instead wrongly
    consider the response as fine. If the returned status reports another
    error than 'revoked' (like for example 'unauthorized') it is not treated as
    a bad certficate.
-ii  curl                        7.81.0-1ubuntu1.17     amd64 command line tool for transferring data with URL syntax
+ii  curl                        7.81.0-1ubuntu1.18     amd64 command line tool for transferring data with URL syntax
-ii  libapparmor1:amd64          3.0.4-2ubuntu2.3build2 amd64 changehat AppArmor library
+ii  libapparmor1:amd64          3.0.4-2ubuntu2.4       amd64 changehat AppArmor library
-ii  libcurl3-gnutls:amd64       7.81.0-1ubuntu1.17     amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
-ii  libcurl4:amd64              7.81.0-1ubuntu1.17     amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
-ii  libcurl4-openssl-dev:amd64  7.81.0-1ubuntu1.17     amd64 development files and documentation for libcurl (OpenSSL flavour)
+ii  libcurl3-gnutls:amd64       7.81.0-1ubuntu1.18     amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
+ii  libcurl4:amd64              7.81.0-1ubuntu1.18     amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
+ii  libcurl4-openssl-dev:amd64  7.81.0-1ubuntu1.18     amd64 development files and documentation for libcurl (OpenSSL flavour)
-ii  libpython3.10:amd64         3.10.12-1~22.04.5      amd64 Shared Python runtime library (version 3.10)
-ii  libpython3.10-minimal:amd64 3.10.12-1~22.04.5      amd64 Minimal subset of the Python language (version 3.10)
-ii  libpython3.10-stdlib:amd64  3.10.12-1~22.04.5      amd64 Interactive high-level object-oriented language (standard library, version 3.10)
+ii  libpython3.10:amd64         3.10.12-1~22.04.6      amd64 Shared Python runtime library (version 3.10)
+ii  libpython3.10-minimal:amd64 3.10.12-1~22.04.6      amd64 Minimal subset of the Python language (version 3.10)
+ii  libpython3.10-stdlib:amd64  3.10.12-1~22.04.6      amd64 Interactive high-level object-oriented language (standard library, version 3.10)
-ii  linux-libc-dev:amd64        5.15.0-121.131         amd64 Linux Kernel Headers for development
+ii  linux-libc-dev:amd64        5.15.0-122.132         amd64 Linux Kernel Headers for development```
Assets 3
Loading