[Git][security-tracker-team/security-tracker][master] new kubernetes issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1238d80 by Moritz Muehlenhoff at 2025-03-18T10:52:37+01:00
new kubernetes issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -813,7 +813,10 @@ CVE-2025-24053 (Improper authentication in Microsoft Dataverse allows an authori
 CVE-2025-21104 (Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redir ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-1767 (This CVE only affects Kubernetes clusters that utilize the in-tree git ...)
-	TODO: check
+	- kubernetes 1.20.5+really1.20.2-1
+	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
+	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
+	NOTE: https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
 CVE-2025-1652 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-1651 (A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1238d80ea3dd8a8678fb3a42059bc4c1a84a1d2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1238d80ea3dd8a8678fb3a42059bc4c1a84a1d2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250318/9b3ba568/attachment.htm>