ubuntu-docker-images team mailing list archive

Thread
Date

CVEs potentially affecting upstream based ROCKs

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, emilia.torino@xxxxxxxxxxxxx, alex.murray@xxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Tue, 27 Jul 2021 05:00:44 +0000 (UTC)

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/prometheus/prometheus:
* https://github.com/hashicorp/consul: CVE-2021-32574, CVE-2021-36213
* https://github.com/gogo/protobuf:

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-32574
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-36213

Follow ups

Re: CVEs potentially affecting upstream based ROCKs
From: Sergio Durigan Junior, 2021-07-29