Skip to content

[AUTO-CHERRYPICK] [AutoPR- Security] Patch python3 for CVE-2025-8194 [HIGH] - branch 3.0-dev#14495

Merged
PawelWMS merged 1 commit into
3.0-devfrom
cblmargh/cherry-pick-pr-14443-to-3.0-dev
Aug 13, 2025
Merged

[AUTO-CHERRYPICK] [AutoPR- Security] Patch python3 for CVE-2025-8194 [HIGH] - branch 3.0-dev#14495
PawelWMS merged 1 commit into
3.0-devfrom
cblmargh/cherry-pick-pr-14443-to-3.0-dev

Conversation

@CBL-Mariner-Bot

@CBL-Mariner-Bot CBL-Mariner-Bot commented Aug 12, 2025

Copy link
Copy Markdown
Collaborator

This is an auto-generated pull request to cherry-pick commit 1be1fe0 to 3.0-dev. Original PR: #14443

@azurelinux-security @kevin-b-lockwood @CBL-Mariner-Bot
[AutoPR- Security] Patch python3 for CVE-2025-8194 [HIGH] (#14443)
f850bb1 
Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
Co-authored-by: Kevin Lockwood <v-klockwood@microsoft.com>
(cherry picked from commit 1be1fe0)
@CBL-Mariner-Bot CBL-Mariner-Bot requested a review from a team as a code owner August 12, 2025 19:11
@CBL-Mariner-Bot CBL-Mariner-Bot added the Auto Fast-track Cherry-pick Automatic cherry-pick from fast-track branch label Aug 12, 2025
@CBL-Mariner-Bot CBL-Mariner-Bot mentioned this pull request Aug 12, 2025
Merged
12 tasks
@CBL-Mariner-Bot

CBL-Mariner-Bot commented Aug 12, 2025

Copy link
Copy Markdown
Collaborator Author

✅ PR Check Passed

No critical issues detected in spec file changes.

🤖 AI Analysis Summary:

Brief Analysis:
This PR bumps the release from 3 to 4, adding the new CVE-2025-8194 patch along with corresponding updates in the changelog and manifests. All patch files appear well‐named and sequential.

Critical Issues Found:
• No critical security issues were found.

Recommended Actions:
• Confirm that the autosetup macro applies the patches in order (Patch0–Patch4).
• Double-check internal test coverage for the new tarfile validations introduced by CVE-2025-8194.patch.
• Maintain alignment between changelog entries and patch files for future CVE updates.

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.

@PawelWMS PawelWMS merged commit 7d4aa69 into 3.0-dev Aug 13, 2025
28 of 31 checks passed
@PawelWMS PawelWMS deleted the cblmargh/cherry-pick-pr-14443-to-3.0-dev branch August 13, 2025 19:16
SumitJenaHCL pushed a commit to SumitJenaHCL/azurelinux that referenced this pull request Aug 20, 2025
@CBL-Mariner-Bot @azurelinux-security
@kevin-b-lockwood @SumitJenaHCL
[AUTO-CHERRYPICK] [AutoPR- Security] Patch python3 for CVE-2025-8194
a28b317 
…[HIGH] - branch 3.0-dev (microsoft#14495)

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
Co-authored-by: Kevin Lockwood <v-klockwood@microsoft.com>
aaruag
aaruag approved these changes Sep 27, 2025
View reviewed changes

@aaruag aaruag left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved!

jykanase pushed a commit to jykanase/azurelinux that referenced this pull request Oct 16, 2025
@CBL-Mariner-Bot @azurelinux-security
@kevin-b-lockwood @jykanase
[AUTO-CHERRYPICK] [AutoPR- Security] Patch python3 for CVE-2025-8194
c7768ba 
…[HIGH] - branch 3.0-dev (microsoft#14495)

Co-authored-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
Co-authored-by: Kevin Lockwood <v-klockwood@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aaruag aaruag aaruag approved these changes

Assignees

No one assigned

Labels

3.0-dev PRs Destined for AzureLinux 3.0 Auto Fast-track Cherry-pick Automatic cherry-pick from fast-track branch Automatic PR Packaging

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@CBL-Mariner-Bot @aaruag @PawelWMS @azurelinux-security