Fix CVE-2022-41721 and CVE-2022-27664 #387

luksan47 · 2023-06-12T09:36:09Z

These CVEs come from the prometheus package through a vulnerable version of golang.org/x/net.

These versions are gone after updating prometheus by running:

go get -u github.com/prometheus/common

vmwclabot · 2023-06-12T09:36:11Z

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <[email protected]> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

Commit 2cd7beb must be signed by [email protected]

vmwclabot · 2023-06-12T09:37:27Z

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <[email protected]> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

Commit 76f99c6 must be signed by [email protected]

vmwclabot · 2023-06-12T09:37:48Z

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <[email protected]> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

Commit 76f99c6 must be signed by [email protected]
Commit 9d12807 must be signed by [email protected]

vmwclabot · 2023-06-12T10:40:18Z

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <[email protected]> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

Commit 7c0a668 must be signed by [email protected]

javiercri

LGTM

These CVEs come from the prometheus package through a vulnerable version of `golang.org/x/net`. These versions are gone after updating prometheus by running: ``` go get -u github.com/prometheus/common ``` Signed-off-by: Norbert Luksa <[email protected]>

vmwclabot added the dco-required label Jun 12, 2023

luksan47 force-pushed the cve-fix branch from 2cd7beb to 76f99c6 Compare June 12, 2023 09:37

javiercri self-requested a review June 12, 2023 09:37

luksan47 force-pushed the cve-fix branch from 9d12807 to a181c85 Compare June 12, 2023 09:38

vmwclabot removed the dco-required label Jun 12, 2023

vmwclabot added the dco-required label Jun 12, 2023

javiercri approved these changes Jun 12, 2023

View reviewed changes

luksan47 force-pushed the cve-fix branch from 7c0a668 to c21131a Compare June 12, 2023 14:58

vmwclabot removed the dco-required label Jun 12, 2023

javiercri merged commit 47ad1b3 into vmware:main Jun 12, 2023

luksan47 deleted the cve-fix branch June 12, 2023 15:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix CVE-2022-41721 and CVE-2022-27664 #387

Fix CVE-2022-41721 and CVE-2022-27664 #387

luksan47 commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

javiercri left a comment

Fix CVE-2022-41721 and CVE-2022-27664 #387

Fix CVE-2022-41721 and CVE-2022-27664 #387

Conversation

luksan47 commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

vmwclabot commented Jun 12, 2023

javiercri left a comment

Choose a reason for hiding this comment