From 99ea79b990324f76ff6c6c6138cb392dcdd1de8c Mon Sep 17 00:00:00 2001 From: Philippe Deslauriers Date: Tue, 19 Dec 2023 10:28:06 -0800 Subject: [PATCH] Advisories for CVE-2023-48795 Signed-off-by: Philippe Deslauriers --- apko.advisories.yaml | 11 ++++++++++- argo-cd-2.7.advisories.yaml | 11 ++++++++++- argo-cd-2.8.advisories.yaml | 11 ++++++++++- argo-cd-2.9.advisories.yaml | 11 ++++++++++- argo-workflows.advisories.yaml | 11 ++++++++++- cadvisor.advisories.yaml | 11 ++++++++++- cert-manager-1.11.advisories.yaml | 11 ++++++++++- cert-manager-1.12.advisories.yaml | 11 ++++++++++- cert-manager-1.13.advisories.yaml | 11 ++++++++++- flux-helm-controller.advisories.yaml | 11 ++++++++++- flux-image-automation-controller.advisories.yaml | 11 ++++++++++- flux-image-reflector-controller.advisories.yaml | 11 ++++++++++- flux-kustomize-controller.advisories.yaml | 11 ++++++++++- flux-source-controller.advisories.yaml | 11 ++++++++++- flux.advisories.yaml | 11 ++++++++++- 15 files changed, 150 insertions(+), 15 deletions(-) diff --git a/apko.advisories.yaml b/apko.advisories.yaml index e341580e20..8356dd2bd2 100644 --- a/apko.advisories.yaml +++ b/apko.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: apko @@ -87,6 +87,15 @@ advisories: data: fixed-version: 0.11.3-r0 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:56:36Z + type: fixed + data: + fixed-version: 0.12.0-r2 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:03:39Z diff --git a/argo-cd-2.7.advisories.yaml b/argo-cd-2.7.advisories.yaml index 2bc9fd5c37..b478c604dc 100644 --- a/argo-cd-2.7.advisories.yaml +++ b/argo-cd-2.7.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: argo-cd-2.7 
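Review bot: The `fixed` event added for CVE-2023-48795 in apko.advisories.yaml (and the identical entry in the other 14 files) names a package revision, but nothing in the patch records what made that revision fixed; the commit message is only its subject line. The alias GHSA-45x7-px36-x8w8 is a library-level advisory, so presumably each `fixed-version` is the first build that picked up the patched SSH dependency. I would say so in the commit body, e.g. `Fixed versions are the first revisions rebuilt against the patched SSH library.` Readers of the feed should also be aware that the Terrapin countermeasure (strict key exchange) only takes effect when the remote peer implements it as well, so a `fixed` package can still negotiate an affected handshake with an unpatched endpoint. The advisories list continues outside each hunk, so ordering and duplicate ids could not be checked from here.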
@@ -99,6 +99,15 @@ advisories: data: fixed-version: 2.7.15-r0 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T18:22:31Z + type: fixed + data: + fixed-version: 2.7.15-r6 + - id: CVE-2023-5528 aliases: - GHSA-hq6q-c2x6-hmch diff --git a/argo-cd-2.8.advisories.yaml b/argo-cd-2.8.advisories.yaml index 8846db5f4d..a3ac903776 100644 --- a/argo-cd-2.8.advisories.yaml +++ b/argo-cd-2.8.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: argo-cd-2.8 @@ -89,6 +89,15 @@ advisories: data: fixed-version: 2.8.6-r2 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T18:22:00Z + type: fixed + data: + fixed-version: 2.8.7-r5 + - id: CVE-2023-5528 aliases: - GHSA-hq6q-c2x6-hmch diff --git a/argo-cd-2.9.advisories.yaml b/argo-cd-2.9.advisories.yaml index b09f3e1610..863dbe6c93 100644 --- a/argo-cd-2.9.advisories.yaml +++ b/argo-cd-2.9.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: argo-cd-2.9 @@ -32,6 +32,15 @@ advisories: data: fixed-version: 2.9.2-r1 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T18:23:00Z + type: fixed + data: + fixed-version: 2.9.3-r4 + - id: CVE-2023-5528 aliases: - GHSA-hq6q-c2x6-hmch diff --git a/argo-workflows.advisories.yaml b/argo-workflows.advisories.yaml index 0a2e7574cd..3ef88878d0 100644 --- a/argo-workflows.advisories.yaml +++ b/argo-workflows.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: argo-workflows @@ -33,6 +33,15 @@ advisories: data: fixed-version: 3.5.2-r1 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:57:10Z + type: fixed + data: + fixed-version: 3.5.2-r3 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2023-11-23T08:30:52Z diff --git a/cadvisor.advisories.yaml b/cadvisor.advisories.yaml index 759bcbd456..b596097da1 100644 
--- a/cadvisor.advisories.yaml +++ b/cadvisor.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: "2" +schema-version: 2.0.2 package: name: cadvisor @@ -22,6 +22,15 @@ advisories: data: type: vulnerable-code-version-not-used + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:57:24Z + type: fixed + data: + fixed-version: 0.48.1-r3 + - id: GHSA-6xv5-86q9-7xr8 events: - timestamp: 2023-09-09T15:18:01Z diff --git a/cert-manager-1.11.advisories.yaml b/cert-manager-1.11.advisories.yaml index 49982cd40a..8d39406056 100644 --- a/cert-manager-1.11.advisories.yaml +++ b/cert-manager-1.11.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: cert-manager-1.11 @@ -62,6 +62,15 @@ advisories: data: fixed-version: 1.11.5-r6 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:57:47Z + type: fixed + data: + fixed-version: 1.11.5-r9 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-11-17T11:21:22Z diff --git a/cert-manager-1.12.advisories.yaml b/cert-manager-1.12.advisories.yaml index b9cacfd3de..daaecbb1f4 100644 --- a/cert-manager-1.12.advisories.yaml +++ b/cert-manager-1.12.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: cert-manager-1.12 @@ -52,6 +52,15 @@ advisories: data: fixed-version: 1.12.6-r1 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:58:13Z + type: fixed + data: + fixed-version: 1.12.7-r2 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-11-17T11:21:48Z diff --git a/cert-manager-1.13.advisories.yaml b/cert-manager-1.13.advisories.yaml index 89f14ab0ec..49193d767a 100644 --- a/cert-manager-1.13.advisories.yaml +++ b/cert-manager-1.13.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: cert-manager-1.13 
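Review bot: In cadvisor.advisories.yaml the schema-version line moves from `"2"` to `2.0.2`, whereas every other file in this patch moves from `2.0.1`. The existing entries in that file were written under the older schema, and only one of them is visible in the hunk context. Confirm that the whole file still validates against 2.0.2 by running the repository's advisory validation on it before merge. Since this migration is unrelated to CVE-2023-48795, I would also record it in the commit body, e.g. `cadvisor: schema-version "2" -> 2.0.2`.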
@@ -52,6 +52,15 @@ advisories: data: fixed-version: 1.13.2-r1 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:58:38Z + type: fixed + data: + fixed-version: 1.13.3-r1 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2023-11-23T08:31:08Z diff --git a/flux-helm-controller.advisories.yaml b/flux-helm-controller.advisories.yaml index 524ee8f538..f8cf24c7ff 100644 --- a/flux-helm-controller.advisories.yaml +++ b/flux-helm-controller.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: flux-helm-controller @@ -62,6 +62,15 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:59:03Z + type: fixed + data: + fixed-version: 0.37.1-r1 + - id: GHSA-6xv5-86q9-7xr8 events: - timestamp: 2023-09-09T15:18:03Z diff --git a/flux-image-automation-controller.advisories.yaml b/flux-image-automation-controller.advisories.yaml index a256f68908..d71968d847 100644 --- a/flux-image-automation-controller.advisories.yaml +++ b/flux-image-automation-controller.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: flux-image-automation-controller @@ -42,6 +42,15 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:59:23Z + type: fixed + data: + fixed-version: 0.37.0-r2 + - id: GHSA-6xv5-86q9-7xr8 events: - timestamp: 2023-09-09T15:18:06Z diff --git a/flux-image-reflector-controller.advisories.yaml b/flux-image-reflector-controller.advisories.yaml index 41e61b6600..fd1fae21f7 100644 --- a/flux-image-reflector-controller.advisories.yaml +++ b/flux-image-reflector-controller.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: flux-image-reflector-controller 
@@ -42,6 +42,15 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:59:41Z + type: fixed + data: + fixed-version: 0.31.1-r1 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:03:46Z diff --git a/flux-kustomize-controller.advisories.yaml b/flux-kustomize-controller.advisories.yaml index ed0ded497d..5d9c910e68 100644 --- a/flux-kustomize-controller.advisories.yaml +++ b/flux-kustomize-controller.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: flux-kustomize-controller @@ -52,6 +52,15 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T16:59:56Z + type: fixed + data: + fixed-version: 1.2.1-r1 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2023-11-23T08:32:23Z diff --git a/flux-source-controller.advisories.yaml b/flux-source-controller.advisories.yaml index f050d062f3..2d46a90454 100644 --- a/flux-source-controller.advisories.yaml +++ b/flux-source-controller.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: flux-source-controller @@ -61,6 +61,15 @@ advisories: data: note: Pending upstream fix, this will require more upgrades in the code to support the cosign update. GitHub Issue https://github.com/fluxcd/source-controller/pull/1280 + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T17:00:24Z + type: fixed + data: + fixed-version: 1.2.3-r1 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2023-11-23T08:32:38Z diff --git a/flux.advisories.yaml b/flux.advisories.yaml index 1711ea1806..bf159b4d90 100644 --- a/flux.advisories.yaml +++ b/flux.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: flux 
@@ -42,6 +42,15 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T17:00:35Z + type: fixed + data: + fixed-version: 2.2.1-r1 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:03:44Z