From 8fd9282da046f558bf72235171dceda3cbf77427 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 11 Jan 2024 18:45:32 +0100 Subject: [PATCH 1/3] changelog: Add missing CVEs for openssh update --- changelog/security/2024-01-05-openssh-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/security/2024-01-05-openssh-update.md b/changelog/security/2024-01-05-openssh-update.md index 698e8417c1e..43ac3612d43 100644 --- a/changelog/security/2024-01-05-openssh-update.md +++ b/changelog/security/2024-01-05-openssh-update.md @@ -1 +1 @@ -- openssh ([CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795)) +- openssh ([CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795), [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384), [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385)) From 5ddb24bc4048a44a339869349b6336447130eb6d Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 11 Jan 2024 18:45:54 +0100 Subject: [PATCH 2/3] changelog: Drop a CVE that does not affect Flatcar --- changelog/security/2024-01-05-weekly-updates.md | 1 - 1 file changed, 1 deletion(-) diff --git a/changelog/security/2024-01-05-weekly-updates.md b/changelog/security/2024-01-05-weekly-updates.md index 50023b861dd..647ac4c8a0c 100644 --- a/changelog/security/2024-01-05-weekly-updates.md +++ b/changelog/security/2024-01-05-weekly-updates.md @@ -5,4 +5,3 @@ - gnutls ([CVE-2023-5981](https://nvd.nist.gov/vuln/detail/CVE-2023-5981)) - curl ([CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218), [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219)) - binutils ([CVE-2023-1972](https://nvd.nist.gov/vuln/detail/CVE-2023-1972)) -- zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)) From 1c34cfb240357efac83570d3f00e94dd5cd12242 Mon Sep 17 00:00:00 2001 
From: Krzesimir Nowak Date: Thu, 11 Jan 2024 18:46:17 +0100 Subject: [PATCH 3/3] overlay profiles: Drop duplicated accept keywords entry for app-misc/jq --- .../profiles/coreos/base/package.accept_keywords | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index d4a90efb531..073ad448ad2 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -24,15 +24,12 @@ # Needed by arm64-native SDK. =app-emulation/open-vmdk-1.0 * -# Needed for addressing CVE-2023-50246 and CVE-2023-50268. +# Needed for addressing CVE-2023-50246, CVE-2023-50268 =app-misc/jq-1.7.1 ~amd64 ~arm64 # Keep versions on both arches in sync. =app-misc/pax-utils-1.3.7 ~amd64 -# Needed for addressing CVE-2023-50246, CVE-2023-50268 -=app-misc/jq-1.7.1 ~amd64 ~arm64 - # Required for addressing CVE-2022-3715. =app-shells/bash-5.2_p21-r1 ~amd64 ~arm64
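Review bot: In PATCH 1/3, the `+` line in changelog/security/2024-01-05-openssh-update.md attributes CVE-2023-51384 and CVE-2023-51385 to the openssh update, but neither the changelog entry nor the commit message names the openssh version that update brought in. The diff alone therefore does not show that both fixes are actually included. State the version in the commit body so the claim can be checked against the upstream release notes.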
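Review bot: In PATCH 2/3, the removed `- zlib ([CVE-2023-45853](...))` line in changelog/security/2024-01-05-weekly-updates.md is dropped with no recorded justification: the subject says only "a CVE that does not affect Flatcar" and there is no body. Name the package and CVE in the subject, and give the reason it does not apply in the body (for example, which affected component is not built or shipped), so a later audit of the changelog does not re-add the entry.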
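Review bot: In PATCH 3/3, the hunk in profiles/coreos/base/package.accept_keywords does more than drop the duplicate: it also rewrites the comment on the kept `=app-misc/jq-1.7.1 ~amd64 ~arm64` entry from `# Needed for addressing CVE-2023-50246 and CVE-2023-50268.` to the duplicate's wording, which lacks the trailing period that the neighbouring comments have (`# Required for addressing CVE-2022-3715.`). Keep the original comment line and delete only the second block after `=app-misc/pax-utils-1.3.7 ~amd64`, so the change is a pure deletion that matches the subject line.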