ubuntu-docker-images team mailing list archive

CVEs potentially affecting upstream based ROCKs

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/prometheus/prometheus: CVE-2019-3826
* https://github.com/hashicorp/consul: CVE-2018-19653, CVE-2019-12291,
CVE-2019-9764, CVE-2020-12797, CVE-2020-13170, CVE-2020-13250,
CVE-2020-25201, CVE-2020-25864, CVE-2020-28053, CVE-2020-7219,
CVE-2020-7955, CVE-2021-28156
* https://github.com/gogo/protobuf: CVE-2021-3121

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2019-3826
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2018-19653
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2019-12291
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2019-9764
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-12797
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-13170
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-13250
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-25201
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-25864
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-28053
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-7219
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-7955
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-28156
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-3121