[Git][security-tracker-team/security-tracker][master] add note on latest k8s upload stripping the server components, can be updated
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 14 08:55:23 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
add60ed9 by Moritz Muehlenhoff at 2021-06-14T09:53:50+02:00
add note on latest k8s upload stripping the server components, can be updated
to bullseye/not-affected once 1.20.5+really1.20.2-1 is in testing
remove one k8s issue, the vendored copy isn't used as an ssh server
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21452,6 +21452,7 @@ CVE-2021-25737
RESERVED
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2021-25736
RESERVED
- kubernetes <not-affected> (Windows-specific)
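Review bot: The NOTE added under CVE-2021-25737 leaves `- kubernetes <unfixed>` in place, and the plan to move the entry to bullseye/not-affected once 1.20.5+really1.20.2-1 is in testing is recorded only in the commit message. Suggest carrying that follow-up in the entry itself, for example by extending the NOTE to say the status is to be revisited when that version migrates, so the next person editing this entry sees it without reading the history.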
@@ -21460,6 +21461,7 @@ CVE-2021-25735 [Validating Admission Webhook does not observe some previous fiel
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
NOTE: https://github.com/kubernetes/kubernetes/issues/100096
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2021-25734
RESERVED
CVE-2021-25733
@@ -38299,11 +38301,9 @@ CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh compone
- golang-go.crypto 1:0.0~git20201221.eec23a3-1
[buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
[stretch] - golang-go.crypto <not-affected> (Vulnerable code not present)
- - kubernetes <unfixed>
NOTE: https://go-review.googlesource.com/c/crypto/+/278852
NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
NOTE: Introduced in: https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc (2019-05-10)
- NOTE: k8s vendors a copy
CVE-2021-1985
RESERVED
CVE-2021-1984
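Review bot: Deleting both `- kubernetes <unfixed>` and `NOTE: k8s vendors a copy` from CVE-2020-29652 removes the triage result from the file; the reason (the vendored copy isn't used as an ssh server) now lives only in the commit message. Suggest keeping a NOTE that says k8s vendors a copy but does not use it as an ssh server, so that someone who later spots the vendored golang.org/x/crypto does not add the package back.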
@@ -93690,6 +93690,7 @@ CVE-2020-8562
RESERVED
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8561
RESERVED
CVE-2020-8560
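Review bot: CVE-2020-8562 is RESERVED with no description, so the added NOTE is the only text in the entry that bears on the Debian status, and it states a packaging fact without saying that the issue is confined to the server components. Suggest adding a few words to that effect, so the later change to not-affected can be checked from the entry alone rather than from the linked oss-security post.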
@@ -93714,6 +93715,7 @@ CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is ab
- kubernetes <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
NOTE: https://github.com/kubernetes/kubernetes/issues/97076
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...)
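Review bot: The NOTE under CVE-2020-8554 repeats verbatim a sentence this commit adds to several other kubernetes entries, all of which stay `<unfixed>`. The later status change has to touch every one of them; suggest doing that in a single commit and locating the entries by the exact NOTE string rather than by CVE id, so none is left behind as `<unfixed>`.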
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/add60ed9d252825ac57d3d81ab8911ac7a911444