Upgrade runc to 1.3.6 for CVE-2026-41579 #17884

Merged
kgodara912 merged 1 commit into 3.0-dev from cblmargh/runc-upgrade-to-1.3.6-3.0-dev on Jul 3, 2026

Conversation

@Kanishk-Bansal

Micro version bump to fix the CVE.
Commit - opencontainers/runc@a8e53f2

  • Buddy Build
  • Tarball uploaded
  • Changelog entry
  • CG Manifest
  • PR has security & CVE-fixed-by-upgrade tag

@Kanishk-Bansal Kanishk-Bansal requested a review from a team as a code owner July 1, 2026 12:12
@Kanishk-Bansal Kanishk-Bansal added security CVE-fixed-by-upgrade CVE fixed by package upgrade labels Jul 1, 2026
@microsoft-github-policy-service microsoft-github-policy-service Bot added Packaging 3.0-dev PRs Destined for AzureLinux 3.0 labels Jul 1, 2026

@MadhurAggarwal MadhurAggarwal left a comment

Member

LGTM.
Buddy Build: 1150960 PASSED

@Kanishk-Bansal Kanishk-Bansal added the ready-for-stable-review PR has passed initial review and is now ready for a second-level stable maintainer review label Jul 2, 2026

@kgodara912 kgodara912 left a comment

runc version 1.3.3 already has the fix for CVE-2025-31133; any reason for listing that CVE here? If not relevant, could you please remove it from the commit message and PR info?

@Kanishk-Bansal Kanishk-Bansal changed the title Upgrade runc to 1.3.6 for CVE-2026-41579, CVE-2025-31133 Upgrade runc to 1.3.6 for CVE-2026-41579 Jul 3, 2026
@Kanishk-Bansal Kanishk-Bansal force-pushed the cblmargh/runc-upgrade-to-1.3.6-3.0-dev branch from 37d4563 to 94ffb2f Compare July 3, 2026 06:48
@Kanishk-Bansal Kanishk-Bansal requested a review from kgodara912 July 3, 2026 06:48

@kgodara912 kgodara912 left a comment

Minor version bump to fix CVE. Buddy build is successful. LGTM.

@kgodara912 kgodara912 merged commit cc0fde0 into 3.0-dev Jul 3, 2026
35 checks passed
@kgodara912 kgodara912 deleted the cblmargh/runc-upgrade-to-1.3.6-3.0-dev branch July 3, 2026 12:47