observability team mailing list archive

Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf

 

Hi Emilia,

could you please confirm the `prometheus` container image is being
monitored? These emails' subject only mentions cortex and telegraf, but I
can see "https://github.com/prometheus/prometheus" in the body of the email.

---------- Forwarded message ---------
From: <security-team-toolbox-bot@xxxxxxxxxxxxx>
Date: Sat, Mar 11, 2023 at 6:03 AM
Subject: [Ubuntu-docker-images] CVEs potentially affecting cortex and
telegraf
To: <ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>, <
sergio.durigan@xxxxxxxxxxxxx>, <emilia.torino@xxxxxxxxxxxxx>, <
alex.murray@xxxxxxxxxxxxx>, <simon.aronsson@xxxxxxxxxxxxx>, <
dylan.stephano-shachter@xxxxxxxxxxxxx>


New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/gogo/protobuf:
* https://github.com/hashicorp/consul: CVE-2023-0845
* https://github.com/prometheus/prometheus:

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845




-- 
Cris