← Back to team overview

ubuntu-docker-images team mailing list archive

Re: CVEs potentially affecting cortex and telegraf

 

On Thu, Sep 09, 2021 at 05:00:47AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/hashicorp/consul: CVE-2021-37219, CVE-2021-38698
* https://github.com/prometheus/prometheus:
* https://github.com/gogo/protobuf:

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-37219
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-38698



--
Mailing list: https://launchpad.net/~ubuntu-docker-images
Post to     : ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ubuntu-docker-images
More help   : https://help.launchpad.net/ListHelp

Hello everyone!

Just a heads up that I am checking this one now.

I'd also like to confirm that I got the email in the list (so the issue
where the list was not receiving these emails seems to be fixed).

Moreover, thank you, Emilia, for including the names of the potentially
affected images in the subject. While not urgent, for the future, when
the number of published images gets higher, it would be nice to also
include the tags of those images!

Best regards,

--
Athos Ribeiro


Follow ups

References