← Back to team overview

ubuntu-docker-images team mailing list archive

Thread
Date

Re: CVEs potentially affecting upstream based ROCKs

To: emilia.torino@xxxxxxxxxxxxx
From: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
Date: Tue, 5 Dec 2023 08:56:23 -0300
Cc: alex.murray@xxxxxxxxxxxxx, david.lane@xxxxxxxxxxxxx, paulo.smorigo@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, dylan.stephano-shachter@xxxxxxxxxxxxx
In-reply-to: <20231205050624.EF24D52608B2@appleby.internal>

On Tue, Dec 05, 2023 at 05:06:24AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/hashicorp/consul: CVE-2023-5332

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-5332


Hi Emilia,

I suppose these warnings used to have the potentially affected image
names in the title IIRC. Is this right? If so, could we have that
feature back? If not, would it be possible to add that?

--
Athos Ribeiro

Follow ups

Re: CVEs potentially affecting upstream based ROCKs
From: Emilia Torino, 2023-12-05

References

CVEs potentially affecting upstream based ROCKs
From: security-team-toolbox-bot, 2023-12-05