From 64938ea160192a7c65253a3a00fc981a1a41decd Mon Sep 17 00:00:00 2001
From: Pushkar Joglekar <pjoglekar@vmware.com>
Date: Mon, 13 Sep 2021 11:13:08 -0700
Subject: [PATCH] Update debian-iptables to pick CVE fixes - This image has
 fixes for CVE-2021-3711, CVE-2021-3712 - This will allow kube-proxy to be
 built on newer base image   which has fixes for these CVEs

---
 build/common.sh              | 2 +-
 build/dependencies.yaml      | 2 +-
 test/utils/image/manifest.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/build/common.sh b/build/common.sh
index 8658edf5631..c16e8715eee 100755
--- a/build/common.sh
+++ b/build/common.sh
@@ -90,7 +90,7 @@ readonly KUBE_RSYNC_PORT="${KUBE_RSYNC_PORT:-}"
 readonly KUBE_CONTAINER_RSYNC_PORT=8730
 
 # These are the default versions (image tags) for their respective base images.
-readonly __default_debian_iptables_version=buster-v1.6.6
+readonly __default_debian_iptables_version=buster-v1.6.7
 readonly __default_go_runner_version=v2.3.1-go1.17-buster.0
 readonly __default_setcap_version=buster-v2.0.4
 
diff --git a/build/dependencies.yaml b/build/dependencies.yaml
index cd9589610bf..85abba23739 100644
--- a/build/dependencies.yaml
+++ b/build/dependencies.yaml
@@ -134,7 +134,7 @@ dependencies:
       match: BASEIMAGE\?\=k8s\.gcr\.io\/build-image\/debian-base-s390x:[a-zA-Z]+\-v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)
 
   - name: "k8s.gcr.io/debian-iptables: dependents"
-    version: buster-v1.6.6
+    version: buster-v1.6.7
     refPaths:
     - path: build/common.sh
       match: __default_debian_iptables_version=
diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go
index bc830f8210e..899c4ca15d8 100644
--- a/test/utils/image/manifest.go
+++ b/test/utils/image/manifest.go
@@ -208,7 +208,7 @@ func initImageConfigs(list RegistryList) (map[int]Config, map[int]Config) {
 	configs[CheckMetadataConcealment] = Config{list.PromoterE2eRegistry, "metadata-concealment", "1.6"}
 	configs[CudaVectorAdd] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "1.0"}
 	configs[CudaVectorAdd2] = Config{list.PromoterE2eRegistry, "cuda-vector-add", "2.2"}
-	configs[DebianIptables] = Config{list.BuildImageRegistry, "debian-iptables", "buster-v1.6.6"}
+	configs[DebianIptables] = Config{list.BuildImageRegistry, "debian-iptables", "buster-v1.6.7"}
 	configs[EchoServer] = Config{list.PromoterE2eRegistry, "echoserver", "2.4"}
 	configs[Etcd] = Config{list.GcEtcdRegistry, "etcd", "3.4.13-0"}
 	configs[GlusterDynamicProvisioner] = Config{list.PromoterE2eRegistry, "glusterdynamic-provisioner", "v1.0"}