observability team mailing list archive
-
observability team
-
Mailing list archive
-
Message #00021
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
Alright, thanks. So not much. I'll leave it up to you @Emilia Torino
<emilia.torino@xxxxxxxxxxxxx> whether you think partial monitoring of these
images is worth it. I'd say, only if it is a no-op for you.
On Thu, Aug 17, 2023 at 4:02 PM Luca Bello <luca.bello@xxxxxxxxxxxxx> wrote:
> Well yes, in pretty much all of our rocks we add the `ca-certificates`
> package for TLS operations:
>
> https://packages.ubuntu.com/search?keywords=ca-certificates
>
> We technically use things like `npm`, `nodejs` and `go` for builds, but I
> think that's not particularly relevant.
>
>
> Cheers,
>
> Luca
> On 17/08/2023 15:28, Cristovao Cordeiro wrote:
>
> Well, I'd need to inspect every one of those images before making such a
> statement, *but, *I'd risk saying that these images, although
> snap-/source- based, might also have additional debs, on top of the base
> `ubuntu` image, that deserve monitoring. @Luca Bello
> <luca.bello@xxxxxxxxxxxxx> can you please confirm that? I.e. if any of
> your snap-/source-based ROCKs also has additional debs installed, then it's
> probably worth monitoring them nonetheless.
>
> On Thu, Aug 17, 2023 at 2:58 PM Emilia Torino <emilia.torino@xxxxxxxxxxxxx>
> wrote:
>
>> Hi!
>>
>> On Thu, Aug 17, 2023 at 9:53 AM Luca Bello <luca.bello@xxxxxxxxxxxxx>
>> wrote:
>>
>>> Hi everyone,
>>>
>>> that's correct, SeaweedFS is postponed :)
>>> On 17/08/2023 14:50, Cristovao Cordeiro wrote:
>>>
>>> Hi everyone,
>>>
>>> here's a ping just to revive this thread.
>>>
>>> @Emilia Torino <emilia.torino@xxxxxxxxxxxxx> you might have received
>>> some GH notifications from me, which are related to @Luca Bello
>>> <luca.bello@xxxxxxxxxxxxx> 's images which are now being prepared to be
>>> published.
>>>
>>>
>> Yes, I got them and I was also going to ping you all since from our last
>> discussion I said:
>>
>> "I did a search over the provided sources and only found one case where
>> we have the project as a deb in the archive, which is alertmanager:
>> https://launchpad.net/ubuntu/+source/prometheus-alertmanager.
>> So unless you can confirm there are other debs in the archive matching
>> the remaining upstream projects, alertmanager is the only one we can add to
>> our CVEs monitoring service. I can add it right now."
>>
>>
>>> I'm updating the list from above with the Docker Hub repos that should
>>> be monitored:
>>>
>>> * Alertmanager (https://github.com/prometheus/alertmanager) ->
>>> https://hub.docker.com/r/ubuntu/alertmanager (new)
>>> * Grafana Agent (https://github.com/grafana/agent) ->
>>> https://hub.docker.com/r/ubuntu/grafana-agent (new)
>>> * Grafana (https://github.com/grafana/grafana) ->
>>> https://hub.docker.com/r/ubuntu/grafana
>>> * Loki (https://github.com/grafana/loki) ->
>>> https://hub.docker.com/r/ubuntu/loki
>>> * Mimir (https://github.com/grafana/mimir) ->
>>> https://hub.docker.com/r/ubuntu/mimir (new)
>>> * SeaweedFS (https://github.com/seaweedfs/seaweedfs) [1]
>>> * Traefik (https://github.com/traefik/traefik) ->
>>> https://hub.docker.com/r/ubuntu/traefik (new)
>>>
>>> So unfortunately, all others can't be monitored with the existing
>> solution.
>>
>>
>>> [1] @Luca Bello <luca.bello@xxxxxxxxxxxxx> is this one postponed?
>>>
>>> On Mon, Jul 3, 2023 at 9:37 AM Luca Bello <luca.bello@xxxxxxxxxxxxx>
>>> wrote:
>>>
>>>> Hi Emilia,
>>>>
>>>> that's great; thanks for following through!
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> Luca
>>>> On 28/06/2023 22:18, Emilia Torino wrote:
>>>>
>>>> Hi Luca,
>>>>
>>>> On Tue, Jun 27, 2023 at 5:11 AM Luca Bello <luca.bello@xxxxxxxxxxxxx>
>>>> wrote:
>>>>
>>>>> Hi Emilia,
>>>>>
>>>>> I did not look into it as our short-term priorities changed a little
>>>>> bit; if you need anything else from my side please let me know!
>>>>>
>>>>
>>>> I did a search over the provided sources and only found one case where
>>>> we have the project as a deb in the archive, which is alertmanager:
>>>> https://launchpad.net/ubuntu/+source/prometheus-alertmanager
>>>>
>>>> So unless you can confirm there are other debs in the archive matching
>>>> the remaining upstream projects, alertmanager is the only one we can add to
>>>> our CVEs monitoring service. I can add it right now.
>>>>
>>>> Let me know if you have any questions.
>>>>
>>>> Emilia
>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Luca
>>>>> On 22/06/2023 17:37, Emilia Torino wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> Following up on this issue...
>>>>>
>>>>> On Fri, Jun 9, 2023 at 12:41 PM Emilia Torino <
>>>>> emilia.torino@xxxxxxxxxxxxx> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> On 9/6/23 06:20, Cristovao Cordeiro wrote:
>>>>>> > Sounds good to me. @Emilia Torino
>>>>>> > <mailto:emilia.torino@xxxxxxxxxxxxx> do you need those repos to
>>>>>> exist in
>>>>>> > Docker Hub before you can onboard these?
>>>>>>
>>>>>> We don't. Since we don't scan the upstream based ROCKs (we only need
>>>>>> this for the deb based ones).
>>>>>>
>>>>>> >
>>>>>> > On Fri, Jun 9, 2023 at 10:42 AM Luca Bello <
>>>>>> luca.bello@xxxxxxxxxxxxx
>>>>>> > <mailto:luca.bello@xxxxxxxxxxxxx>> wrote:
>>>>>> >
>>>>>> > Hello everyone,
>>>>>> >
>>>>>> > as mentioned before, the ROCKs we have are all based on upstream
>>>>>> > projects; the list is the following, as required:
>>>>>> >
>>>>>> > * Alertmanager (https://github.com/prometheus/alertmanager
>>>>>> > <https://github.com/prometheus/alertmanager>)
>>>>>> > * Grafana Agent (https://github.com/grafana/agent
>>>>>> > <https://github.com/grafana/agent>)
>>>>>> > * Grafana (https://github.com/grafana/grafana
>>>>>> > <https://github.com/grafana/grafana>)
>>>>>> > * Loki (https://github.com/grafana/loki
>>>>>> > <https://github.com/grafana/loki>)
>>>>>> > * Mimir (https://github.com/grafana/mimir
>>>>>> > <https://github.com/grafana/mimir>)
>>>>>> > * SeaweedFS (https://github.com/seaweedfs/seaweedfs
>>>>>> > <https://github.com/seaweedfs/seaweedfs>)
>>>>>> > * Traefik (https://github.com/traefik/traefik
>>>>>> > <https://github.com/traefik/traefik>)
>>>>>> >
>>>>>> > Please let me know if any of these qualifies!
>>>>>>
>>>>>> I am not sure how urgent is this, but if you help me identify the
>>>>>> Ubuntu
>>>>>> source packages associated we can make this faster. Otherwise we can
>>>>>> work on this next week.
>>>>>>
>>>>>
>>>>> Did you have a chance to check this?
>>>>>
>>>>>
>>>>>>
>>>>>> >
>>>>>> >
>>>>>> > Cheers,
>>>>>> >
>>>>>> > Luca
>>>>>> >
>>>>>> > On 31/05/2023 18:29, Cristovao Cordeiro wrote:
>>>>>> >>
>>>>>> >> So the only change from our side will be to add
>>>>>> >> prometheus to the email notification subject (or I guess we
>>>>>> >> can just
>>>>>> >> simple replace it with "CVEs potentially affecting
>>>>>> upstream based
>>>>>> >> ROCKs"). Are the email recipients the same ones for the
>>>>>> other
>>>>>> >> ones?
>>>>>> >>
>>>>>> >>
>>>>>> >> I think that would be fine for now. I'm reluctant to use the
>>>>>> >> mailing list as a catch-all, but I think we can re-design this
>>>>>> >> once there is an event bus at Canonical, so we rely less on
>>>>>> emails.
>>>>>> >>
>>>>>> >> As for the other 10 ROCKs, @Luca Bello
>>>>>> >> <mailto:luca.bello@xxxxxxxxxxxxx> let's first do the right due
>>>>>> >> diligence on those, cause if a ROCK is not meant to be under
>>>>>> the
>>>>>> >> "ubuntu" namespace, then this security monitoring doesn't need
>>>>>> to
>>>>>> >> apply.
>>>>>> >>
>>>>>> >> On Wed, May 31, 2023 at 3:58 PM Emilia Torino
>>>>>> >> <emilia.torino@xxxxxxxxxxxxx <mailto:
>>>>>> emilia.torino@xxxxxxxxxxxxx>>
>>>>>> >> wrote:
>>>>>> >>
>>>>>> >>
>>>>>> >> Hi all,
>>>>>> >>
>>>>>> >> On 31/5/23 04:03, Luca Bello wrote:
>>>>>> >> > Hi everyone,
>>>>>> >> >
>>>>>> >> > as said in the thread already, the prometheus image is
>>>>>> >> indeed a ROCK
>>>>>> >> > based on the *prometheus/prometheus* repository.
>>>>>> >>
>>>>>> >> That's very convenient. But just to be clear again, we are
>>>>>> not
>>>>>> >> "inspecting" the upstream based rocks the same way we do
>>>>>> for
>>>>>> >> the deb
>>>>>> >> based ones. We are only monitoring new CVEs created for
>>>>>> >> prometheus,
>>>>>> >> protobuf and consul. So the only change from our side will
>>>>>> be
>>>>>> >> to add
>>>>>> >> prometheus to the email notification subject (or I guess we
>>>>>> >> can just
>>>>>> >> simple replace it with "CVEs potentially affecting
>>>>>> upstream based
>>>>>> >> ROCKs"). Are the email recipients the same ones for the
>>>>>> other
>>>>>> >> ones?
>>>>>> >>
>>>>>> >> >
>>>>>> >> > We're in the process of updating all of our ROCKs in a
>>>>>> >> similar way,
>>>>>> >> > meaning we want to make sure we are complying with any
>>>>>> >> guidelines you
>>>>>> >> > might have on them.
>>>>>> >> > We have about 10 ROCKs at the moment, mostly based on
>>>>>> >> upstream projects
>>>>>> >> > just like this one. Should I share the full list, so you
>>>>>> can
>>>>>> >> track them?
>>>>>> >>
>>>>>> >> I am happy to do an analysis of this list to see if we can
>>>>>> add
>>>>>> >> more. The
>>>>>> >> short answer would be that if the software is packaged as a
>>>>>> >> deb in main
>>>>>> >> or universe (which is the situation for prometheus,
>>>>>> protobuf
>>>>>> >> and consul)
>>>>>> >> then we can simply add them. This is because the service is
>>>>>> >> based on the
>>>>>> >> existing CVE triage work the security team does, which is
>>>>>> >> mainly for
>>>>>> >> debs (although now is being extended to other ecosystems
>>>>>> >> because of SOSS
>>>>>> >> but it is still limited and mainly supporting NVIDIA
>>>>>> software).
>>>>>> >>
>>>>>> >> A simple improvement though could be to map the projects to
>>>>>> >> the rocks so
>>>>>> >> you dont get a general notification, but one per ROCK as
>>>>>> the
>>>>>> >> USNs/debs
>>>>>> >> based service does. We can work on adding this for the
>>>>>> next cycle.
>>>>>> >>
>>>>>> >> >
>>>>>> >> >
>>>>>> >> > Cheers,
>>>>>> >> >
>>>>>> >> > Luca
>>>>>> >> >
>>>>>> >> >
>>>>>> >> > On 31/05/2023 08:12, Cristovao Cordeiro wrote:
>>>>>> >> >> Thank you for the swift action, Emilia!
>>>>>> >> >>
>>>>>> >> >> > Does this
>>>>>> >> >> > relate to a question being asked some hours ago in
>>>>>> >> >> > ~Security
>>>>>> >> >>
>>>>>> >>
>>>>>> https://chat.canonical.com/canonical/pl/dchhoa7wxtyiper7rbk8h43mjo <
>>>>>> https://chat.canonical.com/canonical/pl/dchhoa7wxtyiper7rbk8h43mjo>?
>>>>>> >> >>
>>>>>> >> >> Yes, precisely. @Luca Bello
>>>>>> >> <mailto:luca.bello@xxxxxxxxxxxxx
>>>>>> >> <mailto:luca.bello@xxxxxxxxxxxxx>> is in
>>>>>> >> >> the process of updating that image and we're re-doing
>>>>>> our
>>>>>> >> due diligence.
>>>>>> >> >> Luca can confirm, but this seems to be a ROCK based
>>>>>> >> precisely on that
>>>>>> >> >> upstream Prometheus repository that you are already
>>>>>> monitoring
>>>>>> >> >>
>>>>>> >> (
>>>>>> https://github.com/canonical/prometheus-rock/blob/main/rockcraft.yaml#L19
>>>>>> <
>>>>>> https://github.com/canonical/prometheus-rock/blob/main/rockcraft.yaml#L19
>>>>>> >).
>>>>>> >> >>
>>>>>> >> >> Can we then add this image to your list of tracked
>>>>>> ROCKs?
>>>>>> >> >>
>>>>>> >> >>
>>>>>> >> >> On Tue, May 30, 2023 at 9:45 PM Emilia Torino
>>>>>> >> >> <emilia.torino@xxxxxxxxxxxxx
>>>>>> >> <mailto:emilia.torino@xxxxxxxxxxxxx>> wrote:
>>>>>> >> >>
>>>>>> >> >> Hey all,
>>>>>> >> >>
>>>>>> >> >> On 30/5/23 13:14, Emilia Torino wrote:
>>>>>> >> >> > Hi Cristovao,
>>>>>> >> >> >
>>>>>> >> >> > On 30/5/23 09:41, Cristovao Cordeiro wrote:
>>>>>> >> >> >> Hi Emilia,
>>>>>> >> >> >>
>>>>>> >> >> >> could you please confirm the `prometheus`
>>>>>> container
>>>>>> >> image is being
>>>>>> >> >> >> monitored?
>>>>>> >> >> >
>>>>>> >> >> > I don't see prometheus being monitored by our
>>>>>> >> services (not as a
>>>>>> >> >> rock
>>>>>> >> >> > based on upstream source code nor as a rock based
>>>>>> on
>>>>>> >> debs). Does
>>>>>> >> >> this
>>>>>> >> >> > relate to a question being asked some hours ago in
>>>>>> >> >> > ~Security
>>>>>> >> >>
>>>>>> >>
>>>>>> https://chat.canonical.com/canonical/pl/dchhoa7wxtyiper7rbk8h43mjo <
>>>>>> https://chat.canonical.com/canonical/pl/dchhoa7wxtyiper7rbk8h43mjo>?
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >> > These emails' subject only mentions cortex and
>>>>>> >> telegraf, but
>>>>>> >> >> >> I can see "
>>>>>> https://github.com/prometheus/prometheus
>>>>>> >> <https://github.com/prometheus/prometheus>
>>>>>> >> >> >> <https://github.com/prometheus/prometheus
>>>>>> >> <https://github.com/prometheus/prometheus>>" in the body
>>>>>> of the
>>>>>> >> >> email.
>>>>>> >> >> >
>>>>>> >> >> > Apologize for the confusion, this sounds like a
>>>>>> bug
>>>>>> >> in the email
>>>>>> >> >> content
>>>>>> >> >> > generator code. I will take a look at it later.
>>>>>> >> >>
>>>>>> >> >> I investigated this bug and it should be solved
>>>>>> >> already. There was an
>>>>>> >> >> issue in the past, but we fixed it already. I
>>>>>> thought
>>>>>> >> it could be
>>>>>> >> >> related but I see this notification you are asking
>>>>>> is
>>>>>> >> from March.
>>>>>> >> >> If you
>>>>>> >> >> check the last notification sent on Thu, May 4,
>>>>>> 2:03 AM
>>>>>> >> is correctly
>>>>>> >> >> reporting about a single package (cortex only).
>>>>>> >> >>
>>>>>> >> >> Let me know if you have any further question.
>>>>>> >> >>
>>>>>> >> >> In this case, only a new
>>>>>> >> >> > CVE affecting consul has been created in our
>>>>>> tracker
>>>>>> >> >> >
>>>>>> >> >>
>>>>>> >>
>>>>>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845
>>>>>> <
>>>>>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845
>>>>>> >.
>>>>>> >> >> >
>>>>>> >> >> > Still, this does not mean cortex and telegraf are
>>>>>> >> affected,
>>>>>> >> >> since this
>>>>>> >> >> > needs triage (i.e. understand if the code/version
>>>>>> >> present in the
>>>>>> >> >> rocks
>>>>>> >> >> > are indeed vulnerable).
>>>>>> >> >> >
>>>>>> >> >> > FYI the reason why
>>>>>> >> https://github.com/prometheus/prometheus
>>>>>> >> <https://github.com/prometheus/prometheus> (and
>>>>>> >> >> also
>>>>>> >> >> > https://github.com/gogo/protobuf
>>>>>> >> <https://github.com/gogo/protobuf>) are listed in this
>>>>>> email, is
>>>>>> >> >> because
>>>>>> >> >> > these 3 are the *only* upstream projects we are
>>>>>> >> monitoring
>>>>>> >> >> (because of
>>>>>> >> >> > the bug the 3 are incorrectly listed in the email,
>>>>>> >> only consul
>>>>>> >> >> should
>>>>>> >> >> > be). In other words, we are not scanning every
>>>>>> >> upstream source
>>>>>> >> >> project
>>>>>> >> >> > which is used to build cortex and telegraf.
>>>>>> >> >> >
>>>>>> >> >> > There are reasons why this service is very
>>>>>> limited,
>>>>>> >> and I hope this
>>>>>> >> >> > is/was clear. Let me know if you need more
>>>>>> information.
>>>>>> >> >> >
>>>>>> >> >> > Emilia
>>>>>> >> >> >
>>>>>> >> >> >
>>>>>> >> >> >>
>>>>>> >> >> >> ---------- Forwarded message ---------
>>>>>> >> >> >> From: <security-team-toolbox-bot@xxxxxxxxxxxxx
>>>>>> >> <mailto:security-team-toolbox-bot@xxxxxxxxxxxxx>
>>>>>> >> >> >> <mailto:security-team-toolbox-bot@xxxxxxxxxxxxx
>>>>>> >> <mailto:security-team-toolbox-bot@xxxxxxxxxxxxx>>>
>>>>>> >> >> >> Date: Sat, Mar 11, 2023 at 6:03 AM
>>>>>> >> >> >> Subject: [Ubuntu-docker-images] CVEs potentially
>>>>>> >> affecting
>>>>>> >> >> cortex and
>>>>>> >> >> >> telegraf
>>>>>> >> >> >> To: <ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
>>>>>> >> <mailto:ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>
>>>>>> >> >> >> <mailto:ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
>>>>>> >> <mailto:ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>>>,
>>>>>> >> >> >> <sergio.durigan@xxxxxxxxxxxxx
>>>>>> >> <mailto:sergio.durigan@xxxxxxxxxxxxx>
>>>>>> >> >> <mailto:sergio.durigan@xxxxxxxxxxxxx
>>>>>> >> <mailto:sergio.durigan@xxxxxxxxxxxxx>>>,
>>>>>> >> >> >> <emilia.torino@xxxxxxxxxxxxx
>>>>>> >> <mailto:emilia.torino@xxxxxxxxxxxxx>
>>>>>> >> >> <mailto:emilia.torino@xxxxxxxxxxxxx
>>>>>> >> <mailto:emilia.torino@xxxxxxxxxxxxx>>>,
>>>>>> >> >> >> <alex.murray@xxxxxxxxxxxxx
>>>>>> >> <mailto:alex.murray@xxxxxxxxxxxxx>
>>>>>> >> <mailto:alex.murray@xxxxxxxxxxxxx
>>>>>> >> <mailto:alex.murray@xxxxxxxxxxxxx>>>,
>>>>>> >> >> >> <simon.aronsson@xxxxxxxxxxxxx
>>>>>> >> <mailto:simon.aronsson@xxxxxxxxxxxxx>
>>>>>> >> >> <mailto:simon.aronsson@xxxxxxxxxxxxx
>>>>>> >> <mailto:simon.aronsson@xxxxxxxxxxxxx>>>,
>>>>>> >> >> >> <dylan.stephano-shachter@xxxxxxxxxxxxx
>>>>>> >> <mailto:dylan.stephano-shachter@xxxxxxxxxxxxx>
>>>>>> >> >> >> <mailto:dylan.stephano-shachter@xxxxxxxxxxxxx
>>>>>> >> <mailto:dylan.stephano-shachter@xxxxxxxxxxxxx>>>
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >> New CVEs affecting packages used to build
>>>>>> upstream
>>>>>> >> based rocks
>>>>>> >> >> have been
>>>>>> >> >> >> created in the Ubuntu CVE tracker:
>>>>>> >> >> >>
>>>>>> >> >> >> * https://github.com/gogo/protobuf
>>>>>> >> <https://github.com/gogo/protobuf>
>>>>>> >> >> <https://github.com/gogo/protobuf
>>>>>> >> <https://github.com/gogo/protobuf>>:
>>>>>> >> >> >> * https://github.com/hashicorp/consul
>>>>>> >> <https://github.com/hashicorp/consul>
>>>>>> >> >> >> <https://github.com/hashicorp/consul
>>>>>> >> <https://github.com/hashicorp/consul>>: CVE-2023-0845
>>>>>> >> >> >> * https://github.com/prometheus/prometheus
>>>>>> >> <https://github.com/prometheus/prometheus>
>>>>>> >> >> >> <https://github.com/prometheus/prometheus
>>>>>> >> <https://github.com/prometheus/prometheus>>:
>>>>>> >> >> >>
>>>>>> >> >> >> Please review your rock to understand if it is
>>>>>> >> affected by
>>>>>> >> >> these CVEs.
>>>>>> >> >> >>
>>>>>> >> >> >> Thank you for your rock and for attending to this
>>>>>> >> matter.
>>>>>> >> >> >>
>>>>>> >> >> >> References:
>>>>>> >> >> >>
>>>>>> >> >>
>>>>>> >>
>>>>>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845
>>>>>> <
>>>>>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845
>>>>>> >
>>>>>> >> >> >>
>>>>>> >> >>
>>>>>> >> <
>>>>>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845
>>>>>> <
>>>>>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-0845
>>>>>> >>
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >> --
>>>>>> >> >> >> Mailing list:
>>>>>> >> https://launchpad.net/~ubuntu-docker-images
>>>>>> >> <https://launchpad.net/~ubuntu-docker-images>
>>>>>> >> >> >> <https://launchpad.net/~ubuntu-docker-images
>>>>>> >> <https://launchpad.net/~ubuntu-docker-images>>
>>>>>> >> >> >> Post to :
>>>>>> >> ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
>>>>>> >> <mailto:ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>
>>>>>> >> >> >> <mailto:ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
>>>>>> >> <mailto:ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>>
>>>>>> >> >> >> Unsubscribe :
>>>>>> >> https://launchpad.net/~ubuntu-docker-images
>>>>>> >> <https://launchpad.net/~ubuntu-docker-images>
>>>>>> >> >> >> <https://launchpad.net/~ubuntu-docker-images
>>>>>> >> <https://launchpad.net/~ubuntu-docker-images>>
>>>>>> >> >> >> More help :
>>>>>> https://help.launchpad.net/ListHelp
>>>>>> >> <https://help.launchpad.net/ListHelp>
>>>>>> >> >> >> <https://help.launchpad.net/ListHelp
>>>>>> >> <https://help.launchpad.net/ListHelp>>
>>>>>> >> >> >>
>>>>>> >> >> >>
>>>>>> >> >> >> --
>>>>>> >> >> >> Cris
>>>>>> >> >>
>>>>>> >> >>
>>>>>> >> >>
>>>>>> >> >> --
>>>>>> >> >> Cris
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> >> --
>>>>>> >> Cris
>>>>>> > ____
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> > Cris
>>>>>>
>>>>>
>>>
>>> --
>>> Cris
>>>
>>>
>
> --
> Cris
>
>
--
Cris
Follow ups
References
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Cristovao Cordeiro, 2023-05-31
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Luca Bello, 2023-05-31
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2023-05-31
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Cristovao Cordeiro, 2023-05-31
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Luca Bello, 2023-06-09
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Cristovao Cordeiro, 2023-06-09
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2023-06-09
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2023-06-22
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Luca Bello, 2023-06-27
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2023-06-28
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Luca Bello, 2023-07-03
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Cristovao Cordeiro, 2023-08-17
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Luca Bello, 2023-08-17
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2023-08-17
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Cristovao Cordeiro, 2023-08-17
-
Re: Fwd: [Ubuntu-docker-images] CVEs potentially affecting cortex and telegraf
From: Luca Bello, 2023-08-17
