ubuntu-docker-images team mailing list archive

Thread
Date

Re: CVEs potentially affecting cortex and telegraf

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
Date: Thu, 9 Sep 2021 09:38:22 -0300
Cc: emilia.torino@xxxxxxxxxxxxx
In-reply-to: <20210909050047.3BC79141D4A@keule.canonical.com>

On Thu, Sep 09, 2021 at 05:00:47AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/hashicorp/consul: CVE-2021-37219, CVE-2021-38698
* https://github.com/prometheus/prometheus:
* https://github.com/gogo/protobuf:

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-37219
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-38698



--
Mailing list: https://launchpad.net/~ubuntu-docker-images
Post to     : ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ubuntu-docker-images
More help   : https://help.launchpad.net/ListHelp


Hello everyone!

Just a heads up that I am checking this one now.

I'd also like to confirm that I got the email in the list (so the issue
where the list was not receiving these emails seems to be fixed).

Moreover, thank you, Emilia, for including the names of the potentially
affected images in the subject. While not urgent, for the future, when
the number of published images gets higher, it would be nice to also
include the tags of those images!

Best regards,

--
Athos Ribeiro

Follow ups

Re: CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2021-09-09

References

CVEs potentially affecting cortex and telegraf
From: security-team-toolbox-bot, 2021-09-09