[AutoPR- Security] Patch rabbitmq-server for CVE-2026-43966, CVE-2026-44839 [MEDIUM]#17919
Conversation
|
Buddy Build has been triggered and it has passed. |
|
check the indentation in the patch, also don't we need test files, or they are absent in our source? |
|
Backported: YES. Verified the RabbitMQ 3.13.7 source patch against the upstream commit. The patch does not have any indentation issues and matches the upstream formatting. For tests, the source package does not include the upstream Erlang Common Test suites. In this tree, there are no |
Signed-off-by: Swapnil Sahu <v-swapsahu@microsoft.com>
1351df0 to
8606c02
Compare
Kanishk-Bansal
left a comment
There was a problem hiding this comment.
Patch Analysis (the cowboy commit matches upstream, gun (deps/gun/src/gun.erl) core security logic matches upstream. the other files which are not for CVE fix are ommitted as those files are absent in our source code)
- Buddy Build
- patch applied during the build (check
rpm.log) - patch include an upstream reference
- PR has security tag

Auto Patch rabbitmq-server for CVE-2026-43966, CVE-2026-44839.
Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1154297&view=results
Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1159166&view=results
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
What does the PR accomplish, why was it needed?
Change Log
Does this affect the toolchain?
YES/NO
Associated issues
Links to CVEs
Test Methodology