[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 54d66d6f by Moritz Muehlenhoff at 2024-04-18T10:22:30+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-3177 + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...) TODO: check CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d66d6f173401115c7f00844a101c9c642e6258 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d66d6f173401115c7f00844a101c9c642e6258 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
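Review bot: The new CVE-2024-3177 entry carries no reference NOTE, so nothing in the entry lets a reader confirm that the issue sits in the server components the first NOTE relies on; add the upstream advisory or issue link as a NOTE. The second NOTE also reads "itself it still vulnerable", which should be "itself is still vulnerable".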
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: df26cd71 by Moritz Muehlenhoff at 2023-06-16T13:54:12+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -29,15 +29,23 @@ CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulne CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to bypass ...) - TODO: check + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10 + NOTE: https://github.com/kubernetes/kubernetes/issues/118690 CVE-2023-2728 - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/9oU_lW2cU_g + NOTE: https://github.com/kubernetes/kubernetes/issues/118640 CVE-2023-2727 - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 + NOTE: https://github.com/kubernetes/kubernetes/issues/118640 CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Dromara HuTool CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...) 
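Review bot: CVE-2023-2728 and CVE-2023-2727 both receive "NOTE: https://github.com/kubernetes/kubernetes/issues/118640" while their kubernetes-security-announce links differ (9oU_lW2cU_g and vPWYJ_L84m8); confirm that one upstream issue really tracks both CVEs and that the second URL is not a copy-paste of the first. The lines added for CVE-2023-2431 also repeat the "itself it still vulnerable" typo from the existing entries; correct it to "is still" in all three.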
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df26cd718f117cc42cee2904f73a2d6915323563
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b80fb107 by Moritz Mühlenhoff at 2022-09-20T10:46:26+02:00 new k8s issue NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1858,6 +1858,8 @@ CVE-2022-37346 RESERVED CVE-2022-3172 RESERVED + - kubernetes + [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) CVE-2022-3171 RESERVED CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) @@ -15696,6 +15698,7 @@ CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all version - gitlab CVE-2022-34917 RESERVED + - kafka (bug #786460) CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote ...) NOT-FOR-US: Apache Flume CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b80fb107ae38cc169e00290ebd0e8861be81dff2
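Review bot: In the @@ -1858,6 +1858,8 @@ hunk, CVE-2022-3172 is still RESERVED with no description and the two added lines include no reference NOTE, so the "(Kubernetes in Bullseye only ships the client)" rationale cannot be checked from the entry itself. Add a NOTE with the upstream announcement or issue that shows the flaw lies outside the client.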
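Review bot: The @@ -15696,6 +15698,7 @@ hunk adds "- kafka (bug #786460)" to CVE-2022-34917, which the commit message ("new k8s issue", "NFU") does not mention, and the NFU part of the message has no matching NOT-FOR-US line in the hunks shown. Name the kafka triage in the message or commit it separately, and add a reference NOTE since the CVE is still RESERVED.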
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: eb916828 by Moritz Muehlenhoff at 2021-07-15T09:36:51+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26458,6 +26458,9 @@ CVE-2021-25741 RESERVED CVE-2021-25740 RESERVED + - kubernetes + [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1 CVE-2021-25739 RESERVED CVE-2021-25738 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb9168282996518a5e17c75cf4c79175a506b98d
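Review bot: The [bullseye] line justifies itself with "only ships the client", but nothing in the added lines says which Kubernetes component CVE-2021-25740 affects, and the CVE is still RESERVED. Add a short NOTE naming the affected component from the linked oss-security post so the client-only reasoning can be verified later.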
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7913078e by Moritz Muehlenhoff at 2020-07-15T17:09:37+02:00 new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19232,6 +19232,9 @@ CVE-2020-8558 NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569 CVE-2020-8557 RESERVED + - kubernetes + NOTE: https://github.com/kubernetes/kubernetes/issues/93032 + NOTE: https://github.com/kubernetes/kubernetes/pull/92916 CVE-2020-8556 RESERVED CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7913078eeabb9ddbc7fe4f86f7c84840f8d17fa7
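Review bot: The added "NOTE: https://github.com/kubernetes/kubernetes/pull/92916" is unlabelled, whereas the CVE-2020-8558 entry directly above marks its pull request as "Upstream fix:". Label this one the same way if 92916 is the fix, so the issue link and the fix link can be told apart.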
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b87e6d01 by Moritz Muehlenhoff at 2018-12-20T12:30:01Z new k8s issue two freerdp issues specific to freerdp2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -184,6 +184,7 @@ CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authenticati NOT-FOR-US: two-factor-authentication plugin for WordPress CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ...) - pspp (bug #916902) + [stretch] - pspp (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318 CVE-2018-20229 RESERVED @@ -28703,7 +28704,8 @@ CVE-2018-11709 (wpforo_get_request_uri in wpf-includes/functions.php in the wpFo CVE-2018-11708 RESERVED CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, ...) - TODO: check + - kubernetes + NOTE: https://github.com/kubernetes/kubernetes/issues/65750 CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key ...) {DLA-1418-1} - bouncycastle 1.56-1 
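Review bot: The @@ -184,6 +184,7 @@ hunk marks CVE-2018-20230 as "[stretch] - pspp (Minor issue)", a triage decision that the commit message (k8s and freerdp) does not mention. Name it in the message or commit it separately, and state briefly why an issue described as "heap-based buffer ..." is minor for stretch.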
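Review bot: In the @@ -28703,7 +28704,8 @@ hunk, the CVE-2018-1002101 description bounds the affected upstream versions (1.9.0-1.9.9, 1.10.0-1.10.5, 1.11.0-1.11.1), but the replacement for "TODO: check" is a bare "- kubernetes" line with no version. Record whether the packaged version falls inside those ranges, or add a NOTE with the upstream fix alongside the issue link.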
@@ -36488,10 +36490,12 @@ CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer ...) - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - freerdp + [stretch] - freerdp (Vulnerable code not present, zgfx not yet supported) NOTE: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer ...) - freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1 - freerdp + [stretch] - freerdp (Vulnerable code not present, zgfx not yet supported) NOTE: https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7 CVE-2018-8783 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b87e6d01c57164c0096514e7ff4f993504918aaa
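Review bot: The commit message calls these "two freerdp issues specific to freerdp2", yet the @@ -36488,10 +36490,12 @@ hunk only adds a [stretch] annotation and leaves the unversioned "- freerdp" line in place for both CVE-2018-8785 and CVE-2018-8784. If the zgfx code is absent from the freerdp source package altogether, mark that package line accordingly rather than only the stretch release.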
[Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0fd8745e by Moritz Muehlenhoff at 2018-12-03T17:31:14Z new k8s issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2018-1002105 [Kubernetes API server issue] + - kubernetes + NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 CVE-2018-19808 RESERVED CVE-2018-19807 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fd8745e25a22e46e2fc53975373f4d95f294ea0
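Review bot: The bracketed description "[Kubernetes API server issue]" on the new CVE-2018-1002105 entry names the component but not the flaw or its impact. Tighten it from the linked kubernetes-announce post, and add the upstream issue or fix as a further NOTE once it is available.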