ubuntu-docker-images team mailing list archive

Thread
Date

Re: Fwd: CVEs potentially affecting cortex and telegraf

To: Emilia Torino <emilia.torino@xxxxxxxxxxxxx>
From: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
Date: Tue, 14 Dec 2021 11:31:01 -0300
Cc: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CABYK4ixcD-FD2uQxGTuWx4JgH_W=ViBf+ZfTJgs6Lf5zMH2gKQ@mail.gmail.com>

On Tue, Dec 14, 2021 at 09:18:27AM -0300, Emilia Torino wrote:

---------- Forwarded message ---------
From: <security-team-toolbox-bot@xxxxxxxxxxxxx>
Date: Tue, Dec 14, 2021 at 2:01 AM
Subject: CVEs potentially affecting cortex and telegraf
To: <ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>, <
sergio.durigan@xxxxxxxxxxxxx>, <emilia.torino@xxxxxxxxxxxxx>, <
alex.murray@xxxxxxxxxxxxx>

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/gogo/protobuf:
* https://github.com/hashicorp/consul: CVE-2021-41805
* https://github.com/prometheus/prometheus:

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-41805

--
Mailing list: https://launchpad.net/~ubuntu-docker-images
Post to     : ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ubuntu-docker-images
More help   : https://help.launchpad.net/ListHelp


Hi Emilia,

Thanks for forwarding this one :)

I will assess this CVE and verify if there are any actions needed in our
end.

--
Athos Ribeiro

References

CVEs potentially affecting cortex and telegraf
From: security-team-toolbox-bot, 2021-12-14
Fwd: CVEs potentially affecting cortex and telegraf
From: Emilia Torino, 2021-12-14