ubuntu-docker-images team mailing list archive

Thread
Date

CVEs potentially affecting upstream based ROCKs

To: ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, emilia.torino@xxxxxxxxxxxxx, alex.murray@xxxxxxxxxxxxx, david.lane@xxxxxxxxxxxxx, paulo.smorigo@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, dylan.stephano-shachter@xxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Tue, 5 Nov 2024 05:10:38 +0000 (UTC)

New CVEs affecting packages used to build upstream based rocks have been
created in the Ubuntu CVE tracker:

* https://github.com/hashicorp/consul: CVE-2024-10005, CVE-2024-10006,
CVE-2024-10086

Please review your rock to understand if it is affected by these CVEs.

Thank you for your rock and for attending to this matter.

References:
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2024-10005
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2024-10006
https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2024-10086