On Thursday, July 29 2021, Athos Ribeiro wrote: > Finally, I did check that prometheus, telegraph, prometheus-alertmanager > and cortex should be the candidates to be afected here. So far, > prometheus and telegraph only use github.com/hashicorp/consul/api and > should not be afected.
FWIW, I filed the following bug against telegraf: https://github.com/influxdata/telegraf/issues/9559 I also reported the CVE to the prometheus developers (they ask that security issues be reported in private, so I don't have a bug number). Athos will look into notifying the cortex and prometheus-alertmanager developers tomorrow. Thanks, -- Sergio GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14 -- Mailing list: https://launchpad.net/~ubuntu-docker-images Post to : ubuntu-docker-images@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-docker-images More help : https://help.launchpad.net/ListHelp
