Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerabilities found in latest release #1742

Open
github-actions bot opened this issue Dec 2, 2024 · 0 comments
Open

Vulnerabilities found in latest release #1742

github-actions bot opened this issue Dec 2, 2024 · 0 comments
Labels
release-vulnerabilities Issues for vulnerabilities in the latest release.

Comments

@github-actions
Copy link
Contributor

github-actions bot commented Dec 2, 2024

ghcr.io/shipwright-io/build/bundle:v0.14.0@sha256:d921fbbfd7d87bd43a5a3cecf9039c6a65306cf1ce9ee307c55ce522f7d86af2

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-3596 krb5-libs high 1.21.1-2.el9_4 -> 1.21.1-4.el9_5
CVE-2024-26462 krb5-libs medium 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26458 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26461 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-2236 libgcrypt medium 1.10.0-10.el9_2 -> 1.10.0-11.el9
CVE-2024-2511 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5

Go vulnerabilities

No vulnerabilities found.

ghcr.io/shipwright-io/build/git:v0.14.0@sha256:81a8c0572364836b7f4728cfcb10a93326b06c9ae45bb57e56eec6e80469dd63

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-50602 expat medium 2.5.0-2.el9_4.1 -> 2.5.0-3.el9_5.1
CVE-2024-3596 krb5-libs high 1.21.1-2.el9_4 -> 1.21.1-4.el9_5
CVE-2024-26462 krb5-libs medium 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26458 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26461 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-2236 libgcrypt medium 1.10.0-10.el9_2 -> 1.10.0-11.el9
CVE-2024-2511 openssl low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-2511 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-10963 pam high 1.5.1-19.el9 -> 1.5.1-22.el9_5

Go vulnerabilities

Vulnerability Package Version
GO-2024-3321 golang.org/x/crypto v0.28.0 -> v0.31.0

ghcr.io/shipwright-io/build/image-processing:v0.14.0@sha256:6532c8a246b3b9f433f758627230d62eb624baf58e309fbe106840209ed4c9b9

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-3596 krb5-libs high 1.21.1-2.el9_4 -> 1.21.1-4.el9_5
CVE-2024-26462 krb5-libs medium 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26458 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26461 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-2236 libgcrypt medium 1.10.0-10.el9_2 -> 1.10.0-11.el9
CVE-2024-2511 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5

Go vulnerabilities

No vulnerabilities found.

ghcr.io/shipwright-io/build/shipwright-build-controller:v0.14.0@sha256:f38b9266889be7e81a5f66d371da39506071719217207718b56c1297589f6a4f

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-3596 krb5-libs high 1.21.1-2.el9_4 -> 1.21.1-4.el9_5
CVE-2024-26462 krb5-libs medium 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26458 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26461 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-2236 libgcrypt medium 1.10.0-10.el9_2 -> 1.10.0-11.el9
CVE-2024-2511 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5

Go vulnerabilities

Vulnerability Package Version
GO-2024-3321 golang.org/x/crypto v0.28.0 -> v0.31.0

ghcr.io/shipwright-io/build/shipwright-build-webhook:v0.14.0@sha256:aa7bd77d7884efb03bbbecbc249f92fcbcf85c1150ce11cae4eb751457a3cbb6

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-3596 krb5-libs high 1.21.1-2.el9_4 -> 1.21.1-4.el9_5
CVE-2024-26462 krb5-libs medium 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26458 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26461 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-2236 libgcrypt medium 1.10.0-10.el9_2 -> 1.10.0-11.el9
CVE-2024-2511 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5

Go vulnerabilities

No vulnerabilities found.

ghcr.io/shipwright-io/build/waiter:v0.14.0@sha256:4e9c45f8ebd723a07ceef9c6bc3b8727a0fd8149de7bee60d6ebae634bfedec9

OS vulnerabilities

Vulnerability Package Severity Version
CVE-2024-3596 krb5-libs high 1.21.1-2.el9_4 -> 1.21.1-4.el9_5
CVE-2024-26462 krb5-libs medium 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26458 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-26461 krb5-libs low 1.21.1-2.el9_4 -> 1.21.1-3.el9
CVE-2024-2236 libgcrypt medium 1.10.0-10.el9_2 -> 1.10.0-11.el9
CVE-2024-2511 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4603 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-4741 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5
CVE-2024-5535 openssl-libs low 1:3.0.7-28.el9_4 -> 1:3.2.2-6.el9_5

Go vulnerabilities

No vulnerabilities found.

@github-actions github-actions bot added the release-vulnerabilities Issues for vulnerabilities in the latest release. label Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release-vulnerabilities Issues for vulnerabilities in the latest release.
Projects
None yet
Development

No branches or pull requests

0 participants