Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
add60ed9 by Moritz Muehlenhoff at 2021-06-14T09:53:50+02:00
add note on latest k8s upload stripping the server components, can be updated
to bullseye/not-affected once 1.20.5+really1.20.2-1 is in testing
remove one k8s issue, the vendored copy isn't used as an ssh server
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21452,6 +21452,7 @@ CVE-2021-25737
RESERVED
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2021-25736
RESERVED
- kubernetes <not-affected> (Windows-specific)
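Review bot: The NOTE added under CVE-2021-25737 leaves the entry at "- kubernetes <unfixed>" without saying what should happen next; the planned switch to not-affected for bullseye once 1.20.5+really1.20.2-1 reaches testing is recorded only in the commit message. Consider putting that follow-up in the NOTE itself so the entry is self-explanatory to whoever revisits it.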
@@ -21460,6 +21461,7 @@ CVE-2021-25735 [Validating Admission Webhook does not
observe some previous fiel
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
NOTE: https://github.com/kubernetes/kubernetes/issues/100096
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2021-25734
RESERVED
CVE-2021-25733
@@ -38299,11 +38301,9 @@ CVE-2020-29652 (A nil pointer dereference in the
golang.org/x/crypto/ssh compone
- golang-go.crypto 1:0.0~git20201221.eec23a3-1
[buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
[stretch] - golang-go.crypto <not-affected> (Vulnerable code not
present)
- - kubernetes <unfixed>
NOTE: https://go-review.googlesource.com/c/crypto/+/278852
NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
NOTE: Introduced in:
https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc
(2019-05-10)
- NOTE: k8s vendors a copy
CVE-2021-1985
RESERVED
CVE-2021-1984
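Review bot: Dropping both "- kubernetes <unfixed>" and "NOTE: k8s vendors a copy" from CVE-2020-29652 removes every trace that the vendored copy was looked at, and the reason (it isn't used as an ssh server) lives only in the commit message. Consider keeping a NOTE that says kubernetes vendors golang.org/x/crypto/ssh but does not use it as an ssh server, so the package is not re-added on a later triage pass.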
@@ -93690,6 +93690,7 @@ CVE-2020-8562
RESERVED
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8561
RESERVED
CVE-2020-8560
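Review bot: CVE-2020-8562 is still RESERVED with no description here, so the new NOTE is the only in-file hint about what is affected, and it does not say which component the issue is in. Naming the affected server component in the NOTE would let a reader confirm the reasoning without following the oss-security link.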
@@ -93714,6 +93715,7 @@ CVE-2020-8554 (Kubernetes API server in all versions
allow an attacker who is ab
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
NOTE: https://github.com/kubernetes/kubernetes/issues/97076
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0
allows ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2020-8552 (The Kubernetes API server component in versions prior to
1.15.9, 1.16. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/add60ed9d252825ac57d3d81ab8911ac7a911444