[Git][security-tracker-team/security-tracker][master] k8s fixed
Moritz Muehlenhoff
jmm at debian.org
Sun Mar 22 12:27:41 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f117ad1 by Moritz Muehlenhoff at 2020-03-22T13:27:21+01:00
k8s fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50473,24 +50473,24 @@ CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers f
CVE-2019-11254
RESERVED
CVE-2019-11253 (Improper input validation in the Kubernetes API server in versions v1. ...)
- - kubernetes <unfixed>
+ - kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/83253
CVE-2019-11252
RESERVED
CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...)
- kubernetes <not-affected> (Vulnerable code not present)
CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
- - kubernetes <unfixed> (bug #934801)
+ - kubernetes 1.17.4-1 (bug #934801)
NOTE: https://github.com/kubernetes/kubernetes/issues/81114
CVE-2019-11249 (The kubectl cp command allows copying files between containers and the ...)
- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
NOTE: https://github.com/kubernetes/kubernetes/issues/80984
CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the unauthenticate ...)
- - kubernetes <unfixed> (bug #934182)
+ - kubernetes 1.17.4-1 (bug #934182)
NOTE: https://github.com/kubernetes/kubernetes/issues/81023
NOTE: https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8
CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...)
- - kubernetes <unfixed> (bug #933988)
+ - kubernetes 1.17.4-1 (bug #933988)
NOTE: https://github.com/kubernetes/kubernetes/issues/80983
CVE-2019-11246 (The kubectl cp command allows copying files between containers and the ...)
- kubernetes <not-affected> (Vulnerable code not present; incomplete fix not applied)
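Review bot: CVE-2019-11253 is marked fixed in 1.17.4-1 without a Debian bug reference, while the other three entries changed in this hunk (CVE-2019-11250, CVE-2019-11248, CVE-2019-11247) each carry one. If a bug exists for it, add it in the same "(bug #...)" form for consistency. All four entries also move to the same version and the commit message only says "k8s fixed", so a short NOTE on how 1.17.4-1 was determined would make the change auditable.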
@@ -56264,7 +56264,7 @@ CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary direct
NOTE: https://github.com/projectatomic/bubblewrap/issues/304
NOTE: Negligable security impact
CVE-2019-1002100 (In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, use ...)
- - kubernetes <unfixed> (bug #923686)
+ - kubernetes 1.17.4-1 (bug #923686)
NOTE: https://github.com/kubernetes/kubernetes/issues/74534
NOTE: https://github.com/kubernetes/kubernetes/pull/74000
CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 ...)
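Review bot: For CVE-2019-1002100 the description names v1.11.8, v1.12.6 and v1.13.4 as the upstream fixed releases, so 1.17.4-1 is the right value only if it is the first Debian upload at or past those versions. Worth confirming that no earlier upload already carried the fix from the pull request in the NOTE (kubernetes/pull/74000); if one did, that earlier version belongs here instead.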
@@ -78170,7 +78170,7 @@ CVE-2018-1002104 (Versions < 1.5 of the Kubernetes ingress default backend, w
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...)
NOT-FOR-US: minikube
CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...)
- - kubernetes <unfixed>
+ - kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/85867
CVE-2018-19875
RESERVED
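Review bot: The CVE-2018-1002102 entry goes from <unfixed> to 1.17.4-1 with neither a bug number nor a fix commit; the only reference is upstream issue 85867. Suggest adding a NOTE with the upstream commit or release that fixed it, so the 1.17.4-1 status can be checked against the issue.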
@@ -78388,7 +78388,7 @@ CVE-2018-19810 (Cross Site Scripting exists in InfoVista VistaPortal SE Version
CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, in ...)
- - kubernetes <unfixed> (bug #915828)
+ - kubernetes 1.17.4-1 (bug #915828)
NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
NOTE: https://github.com/kubernetes/kubernetes/issues/71411
CVE-2018-19808
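Review bot: On the CVE-2018-1002105 line, bug #915828 stays attached while the status changes to 1.17.4-1; check that the bug is closed with that same version so the BTS and the tracker do not disagree. The fixed releases in the description (v1.10.11, v1.11.5, v1.12.3) are all below 1.17.4, so the new status is at least consistent with the text.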
@@ -107655,7 +107655,7 @@ CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email
CVE-2018-1000171
REJECTED
CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ...)
- - kubernetes <unfixed> (bug #929225)
+ - kubernetes 1.17.4-1 (bug #929225)
NOTE: https://github.com/kubernetes/kubernetes/issues/61297
NOTE: https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08 (1.9.x)
CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 and older ...)
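Review bot: The second NOTE under CVE-2018-1002100 records a fix commit for the 1.9.x branch only, which does not by itself show that 1.17.4-1 contains the fix. Suggest adding a NOTE with the commit or release for the branch that 1.17 descends from, or a NOTE stating that the issue was fixed upstream before 1.17.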
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f117ad158c95664b883fdf20e5c806185107d0f