Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5a97713d by Moritz Muehlenhoff at 2022-07-13T14:15:01+02:00
k8s updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97118,23 +97118,24 @@ CVE-2021-25743 (kubectl does not neutralize escape,
meta or control sequences co
CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user
that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may
be able ...)
- - kubernetes <unfixed>
- [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only
ships the client)
- NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+ - kubernetes 1.20.5+really1.20.2-1
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1,
marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom
rebuilds are not really a usecase here
NOTE: https://github.com/kubernetes/kubernetes/issues/104980
CVE-2021-25740 (A security issue was discovered with Kubernetes that could
enable user ...)
- - kubernetes <unfixed>
- [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only
ships the client)
+ - kubernetes 1.20.5+really1.20.2-1
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1,
marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom
rebuilds are not really a usecase here
NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1
CVE-2021-25739
RESERVED
CVE-2021-25738 (Loading specially-crafted yaml with the Kubernetes Java Client
library ...)
NOT-FOR-US: Kubernetes Java client
CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may
be able ...)
- - kubernetes <unfixed> (bug #990793)
- [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only
ships the client)
+ - kubernetes 1.20.5+really1.20.2-1 (bug #990793)
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1,
marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom
rebuilds are not really a usecase here
NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
- NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2021-25736
RESERVED
- kubernetes <not-affected> (Windows-specific)
@@ -171287,9 +171288,9 @@ CVE-2020-8562 (As mitigations to a report from 2019
and CVE-2020-8555, Kubernete
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8561 (A security issue was discovered in Kubernetes where actors that
contro ...)
- - kubernetes <unfixed>
- [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only
ships the client)
- NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+ - kubernetes 1.20.5+really1.20.2-1
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1,
marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom
rebuilds are not really a usecase here
NOTE: https://github.com/kubernetes/kubernetes/issues/104720
CVE-2020-8560
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a97713d1ca121404cf1b3248ea7446a5a4ce49d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a97713d1ca121404cf1b3248ea7446a5a4ce49d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
