On Thu, Jul 29, 2021 at 05:53:23PM -0400, Sergio Durigan Junior wrote:
> On Thursday, July 29 2021, Athos Ribeiro wrote:
> > Finally, I did check that prometheus, telegraf, prometheus-alertmanager
> > and cortex should be the candidates to be affected here. So far,
> > prometheus and telegraf only use github.com/hashicorp/consul/api and
> > should not be affected.
>
> FWIW, I filed the following bug against telegraf:
> https://github.com/influxdata/telegraf/issues/9559
> I also reported the CVE to the prometheus developers (they ask that
> security issues be reported in private, so I don't have a bug number).
> Athos will look into notifying the cortex and prometheus-alertmanager
> developers tomorrow.

This is done.

I emailed the cortex team since they also ask that security related
topics should be discussed privately. For alertmanager, I just replied
in Sergio's thread about prometheus, given they use the same mailing
list for prometheus and alertmanager security issues.

> Thanks,
> --
> Sergio
> GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

--
Athos Ribeiro