Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

ddb1b24e by Salvatore Bonaccorso at 2020-04-20T21:13:37+02:00

Associate CVE-2019-1002162 with atomic-reactor

The issue appears rather in use of atomic-reactor, where its use of skopeo was changed to use the authfile option instead of using username and password to authenticate and so not leaking credentials in the logs for atomic-reactor.

Cf. https://github.com/containerbuildsystem/atomic-reactor/pull/1186

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -56862,7 +56862,7 @@ CVE-2019-10263 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1 CVE-2019-10262 (A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_ ...) NOT-FOR-US: BlueCMS CVE-2019-1002162 - - skopeo <unfixed> + NOT-FOR-US: atomic-reactor CVE-2019-1002101 (The kubectl cp command allows copying files between containers and the ...) - kubernetes <not-affected> (Vulnerable code introduced later) NOTE: Introduced by: https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddb1b24e42da04690b2075ff1b8aab0e64e03fbd
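
Review bot: The CVE-2019-1002162 entry replaces "- skopeo <unfixed>" with "NOT-FOR-US: atomic-reactor" but leaves no pointer in data/CVE/list to why skopeo is no longer tracked; the reasoning and the atomic-reactor pull request link exist only in the commit message. The adjacent CVE-2019-1002101 entry keeps its justification with the data ("(Vulnerable code introduced later)" plus a "NOTE: Introduced by:" URL). If the list format allows an annotation alongside NOT-FOR-US, consider recording https://github.com/containerbuildsystem/atomic-reactor/pull/1186 with the entry, so that someone triaging from the list alone can see that the credential logging was addressed in atomic-reactor's use of skopeo's authfile option rather than in skopeo.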
