Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8f117ad1 by Moritz Muehlenhoff at 2020-03-22T13:27:21+01:00 k8s fixed - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -50473,24 +50473,24 @@ CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers f CVE-2019-11254 RESERVED CVE-2019-11253 (Improper input validation in the Kubernetes API server in versions v1. ...) - - kubernetes <unfixed> + - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/83253 CVE-2019-11252 RESERVED CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...) - kubernetes <not-affected> (Vulnerable code not present) CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...) - - kubernetes <unfixed> (bug #934801) + - kubernetes 1.17.4-1 (bug #934801) NOTE: https://github.com/kubernetes/kubernetes/issues/81114 CVE-2019-11249 (The kubectl cp command allows copying files between containers and the ...) - kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied) NOTE: https://github.com/kubernetes/kubernetes/issues/80984 CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the unauthenticate ...) - - kubernetes <unfixed> (bug #934182) + - kubernetes 1.17.4-1 (bug #934182) NOTE: https://github.com/kubernetes/kubernetes/issues/81023 NOTE: https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8 CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...) - - kubernetes <unfixed> (bug #933988) + - kubernetes 1.17.4-1 (bug #933988) NOTE: https://github.com/kubernetes/kubernetes/issues/80983 CVE-2019-11246 (The kubectl cp command allows copying files between containers and the ...) - kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied) 
@@ -56264,7 +56264,7 @@ CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary direct NOTE: https://github.com/projectatomic/bubblewrap/issues/304 NOTE: Negligable security impact CVE-2019-1002100 (In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, use ...) - - kubernetes <unfixed> (bug #923686) + - kubernetes 1.17.4-1 (bug #923686) NOTE: https://github.com/kubernetes/kubernetes/issues/74534 NOTE: https://github.com/kubernetes/kubernetes/pull/74000 CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 ...) @@ -78170,7 +78170,7 @@ CVE-2018-1002104 (Versions < 1.5 of the Kubernetes ingress default backend, w CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...) NOT-FOR-US: minikube CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...) - - kubernetes <unfixed> + - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/85867 CVE-2018-19875 RESERVED @@ -78388,7 +78388,7 @@ CVE-2018-19810 (Cross Site Scripting exists in InfoVista VistaPortal SE Version CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, in ...) - - kubernetes <unfixed> (bug #915828) + - kubernetes 1.17.4-1 (bug #915828) NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 NOTE: https://github.com/kubernetes/kubernetes/issues/71411 CVE-2018-19808 
@@ -107655,7 +107655,7 @@ CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email CVE-2018-1000171 REJECTED CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ...) - - kubernetes <unfixed> (bug #929225) + - kubernetes 1.17.4-1 (bug #929225) NOTE: https://github.com/kubernetes/kubernetes/issues/61297 NOTE: https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08 (1.9.x) CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 and older ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f117ad158c95664b883fdf20e5c806185107d0f
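Review bot: In the hunks for CVE-2019-1002100 and CVE-2018-1002105, the fixed version is set to 1.17.4-1 although the CVE descriptions on the context lines name much older upstream fix releases (v1.11.8, v1.12.6, v1.13.4 and v1.10.11, v1.11.5, v1.12.3), and the same 1.17.4-1 is applied to all eight kubernetes entries in the patch. The commit message "k8s fixed" does not explain this; if 1.17.4-1 is the first Debian upload that carries these fixes, say so in the commit message, and otherwise check per CVE that no earlier upload already contained the fix. CVE-2019-11253 and CVE-2018-1002102 also remain without a bug reference, unlike the other six entries; add one if a Debian bug exists.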