From 769518f90fe20df4fe80c37a1e718bbe37f68d61 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Mon, 28 Apr 2025 16:10:56 +0200
Subject: [PATCH] overlay profiles: Add some security-related accept keywords

---
 .../profiles/coreos/base/package.accept_keywords          | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 18d8dc5c61..ae9366ceda 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -7,6 +7,9 @@
 # Gentoo upstream package stabilisation
 # (the following packages are "unstable" upstream; we're stabilising these)
 
+# Needed to address CVE-2024-40635.
+=app-containers/containerd-2.0.4 ~amd64 ~arm64
+
 # Keep versions on both arches in sync.
 =app-containers/cri-tools-1.32.0 ~arm64
 
@@ -62,6 +65,11 @@
 
 # Keep versions on both arches in sync.
 =net-dns/bind-9.18.31-r1 ~arm64
+
+# Needed to address CVE-2025-31498.
+=net-dns/c-ares-1.34.5 ~amd64 ~arm64
+
+# Keep versions on both arches in sync.
 =net-firewall/conntrack-tools-1.4.8-r1 ~arm64
 
 # Needed to address CVE-2025-2312.