From f71e03e23d7984df4c31eca00d287e01ea8a2550 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Mon, 21 Oct 2024 19:58:48 +0200
Subject: [PATCH] overlay profiles: Add accept keywords for container packages
 to address CVEs

---
 .../profiles/coreos/base/package.accept_keywords          | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 049fd4ce65..14a6e5b36c 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -10,6 +10,12 @@
 # Handled by automation
 =app-containers/containerd-1.7.23 ~amd64 ~arm64 # DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on 2024-10-18 08:06:10
 
+# Needed to address CVE-2024-9341.
+=app-containers/containers-common-0.60.4 ~amd64 ~arm64
+
+# Needed to address CVE-2024-3727.
+=app-containers/containers-image-5.32.2 ~amd64 ~arm64
+
 # Keep versions on both arches in sync.
 =app-containers/cri-tools-1.27.0 ~arm64
 
@@ -136,7 +142,7 @@ dev-util/catalyst ~amd64 ~arm64
 =sys-devel/binutils-config-5.5.2 ~arm64
 =sys-devel/gettext-0.22.5 ~arm64
 
-# Needed in SDK for Secure Boot on arm64.
+# Needed in SDK for Secure Boot on arm64. Also addresses CVE-2024-1298.
 =sys-firmware/edk2-bin-202408 ~amd64 ~arm64
 
 # Keep versions on both arches in sync.