ubuntu-docker-images team mailing list archive
Message #00090
Re: CVEs potentially affecting cortex and telegraf
Hey all!
On 9/9/21 09:38, Athos Ribeiro wrote:
> On Thu, Sep 09, 2021 at 05:00:47AM +0000,
> security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
>> New CVEs affecting packages used to build upstream based rocks have been
>> created in the Ubuntu CVE tracker:
>>
>> * https://github.com/hashicorp/consul: CVE-2021-37219, CVE-2021-38698
>> * https://github.com/prometheus/prometheus:
>> * https://github.com/gogo/protobuf:
>>
>> Please review your rock to understand if it is affected by these CVEs.
>>
>> Thank you for your rock and for attending to this matter.
>>
>> References:
>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-37219
>> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-38698
>>
>
> Hello everyone!
>
> Just a heads up that I am checking this one now.
>
> I'd also like to confirm that I got the email in the list (so the issue
> where the list was not receiving these emails seems to be fixed).
Amazing! Thanks for letting us know.
>
> Moreover, thank you, Emilia, for including the names of the potentially
> affected images in the subject. While not urgent, for the future, when
> the number of published images gets higher, it would be nice to also
> include the tags of those images!
Yeah, we understand this service needs to be improved. We will be
discussing the security notification services provided by the sec team
with PM shortly and this issue is on the list of items to discuss. I
will let you know as soon as we have further news.
>
> Best regards,
>