Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8f117ad1 by Moritz Muehlenhoff at 2020-03-22T13:27:21+01:00
k8s fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50473,24 +50473,24 @@ CVE-2019-11255 (Improper input validation in
Kubernetes CSI sidecar containers f
CVE-2019-11254
RESERVED
CVE-2019-11253 (Improper input validation in the Kubernetes API server in
versions v1. ...)
- - kubernetes <unfixed>
+ - kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/83253
CVE-2019-11252
RESERVED
CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and
versions p ...)
- kubernetes <not-affected> (Vulnerable code not present)
CVE-2019-11250 (The Kubernetes client-go library logs request headers at
verbosity lev ...)
- - kubernetes <unfixed> (bug #934801)
+ - kubernetes 1.17.4-1 (bug #934801)
NOTE: https://github.com/kubernetes/kubernetes/issues/81114
CVE-2019-11249 (The kubectl cp command allows copying files between containers
and the ...)
- kubernetes <not-affected> (Vulnerable code not present; incomplete
fix not applied)
NOTE: https://github.com/kubernetes/kubernetes/issues/80984
CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the
unauthenticate ...)
- - kubernetes <unfixed> (bug #934182)
+ - kubernetes 1.17.4-1 (bug #934182)
NOTE: https://github.com/kubernetes/kubernetes/issues/81023
NOTE:
https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8
CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a
cluster-sc ...)
- - kubernetes <unfixed> (bug #933988)
+ - kubernetes 1.17.4-1 (bug #933988)
NOTE: https://github.com/kubernetes/kubernetes/issues/80983
CVE-2019-11246 (The kubectl cp command allows copying files between containers
and the ...)
- kubernetes <not-affected> (Vulnerable code not present; incomplete
fix not applied)
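Review bot: The new line for CVE-2019-11253, `- kubernetes 1.17.4-1`, has no bug reference, while the other three entries changed in this hunk keep theirs (bug #934801, #934182, #933988). If a BTS bug exists for CVE-2019-11253, add it in the same form so the entry can be cross-checked against the upload that closed it. If none was ever filed, the line is fine as it stands.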
@@ -56264,7 +56264,7 @@ CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3
misuses temporary direct
NOTE: https://github.com/projectatomic/bubblewrap/issues/304
NOTE: Negligable security impact
CVE-2019-1002100 (In all Kubernetes versions prior to v1.11.8, v1.12.6, and
v1.13.4, use ...)
- - kubernetes <unfixed> (bug #923686)
+ - kubernetes 1.17.4-1 (bug #923686)
NOTE: https://github.com/kubernetes/kubernetes/issues/74534
NOTE: https://github.com/kubernetes/kubernetes/pull/74000
CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before
12.1.50.33 ...)
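Review bot: For CVE-2019-1002100 the description names v1.11.8, v1.12.6 and v1.13.4 as the fixed upstream releases, yet the fixed version recorded is 1.17.4-1, several minor releases later. Please confirm that 1.17.4-1 is the first upload to unstable that contains the fix and not just the current one. If an earlier upload already carried it, that version belongs here, since version comparisons for this entry depend on it.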
@@ -78170,7 +78170,7 @@ CVE-2018-1002104 (Versions < 1.5 of the Kubernetes
ingress default backend, w
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the
Kubernetes Das ...)
NOT-FOR-US: minikube
CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API
server in ...)
- - kubernetes <unfixed>
+ - kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/85867
CVE-2018-19875
RESERVED
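Review bot: The CVE-2018-1002102 entry is now marked fixed in 1.17.4-1, but the only supporting reference is the issue link in the NOTE, and the description is truncated, so nothing visible ties the fix to that version. Consider adding a NOTE naming the upstream commit or release that fixed it, and a bug reference if one exists, as other Kubernetes entries in this commit have.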
@@ -78388,7 +78388,7 @@ CVE-2018-19810 (Cross Site Scripting exists in
InfoVista VistaPortal SE Version
CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE
Version 5.1 (b ...)
NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and
v1.12.3, in ...)
- - kubernetes <unfixed> (bug #915828)
+ - kubernetes 1.17.4-1 (bug #915828)
NOTE:
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
NOTE: https://github.com/kubernetes/kubernetes/issues/71411
CVE-2018-19808
@@ -107655,7 +107655,7 @@ CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via
the recoverlogin.php email
CVE-2018-1000171
REJECTED
CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior
to versio ...)
- - kubernetes <unfixed> (bug #929225)
+ - kubernetes 1.17.4-1 (bug #929225)
NOTE: https://github.com/kubernetes/kubernetes/issues/61297
NOTE:
https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08
(1.9.x)
CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115
and older ...)
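Review bot: The existing NOTE for CVE-2018-1002100 cites a fix commit labelled (1.9.x), while the entry is now marked fixed in 1.17.4-1. A NOTE pointing at the corresponding commit on the main branch, or stating the first upstream release that contains it, would let a reader verify that the 1.17 series includes the fix instead of inferring it from the version number.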
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f117ad158c95664b883fdf20e5c806185107d0f