fix(tools/quorum-all-in-one): address CVE-2021-36159 and CVE-2022-28391 #2240
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aldousalvarez
requested review from
petermetz,
takeutak,
izuru0,
jagpreetsinghsasan and
sandeepnRES
as code owners
|
Hello @petermetz , Most of the vulnerabilities are now fixed in quorum-all-in-one but there are still some that are not because most of the remaining vulnerabilities are still new and is still waiting for the new changes to be pulled in and released on their respective package versions. And we tried to ask on the quorum discussions on github as you can see here. (Consensys/quorum#1513). Here are the remaining vulnerabilities for quorum-all-in-one: |
petermetz
requested changes
Dec 24, 2022
There was a problem hiding this comment.
@aldousalvarez Please fix the container build, right now it's broken.
aldousalvarez
force-pushed
the
aldousalvarez/issue2059
branch
7 times, most recently
from
f47a286
to
fc2b35f
Compare
|
Fixed the container build and is now passing |
aldousalvarez
requested review from
petermetz
and removed request for
sandeepnRES,
jagpreetsinghsasan,
takeutak and
izuru0
aldousalvarez
force-pushed
the
aldousalvarez/issue2059
branch
from
fc2b35f
to
59ed0fe
Compare
petermetz
approved these changes
Mar 27, 2023
petermetz
requested review from
takeutak,
izuru0,
jagpreetsinghsasan and
sandeepnRES
petermetz
force-pushed
the
aldousalvarez/issue2059
branch
from
59ed0fe
to
77bddb7
Compare
takeutak
approved these changes
Apr 6, 2023
Other, lower severity vulnerabilities are also being addressed by this change but the two big ones are the critical severity ones mentioned in the commit subject. Most of the vulnerabilities are now fixed in quorum-all-in-one but there are still some that are not because most of the remaining vulnerabilities are still new and is still waiting for the new changes to be pulled in and released on their respective package versions. And we tried to ask on the quorum discussions on github as you can see here. (Consensys/quorum#1513). Here are the remaining vulnerabilities for quorum-all-in-one: CVE-2022-3602 CVE-2022-3786 CVE-2022-3602 CVE-2022-3786 CVE-2022-42003 CVE-2022-42004 CVE-2022-45868 CVE-2022-1471 CVE-2022-21698 CVE-2022-27664 CVE-2022-32149 CVE-2022-21698 CVE-2022-27664 CVE-2022-32149 Fixes hyperledger#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz
force-pushed
the
aldousalvarez/issue2059
branch
from
77bddb7
to
df6be48
Compare
petermetz
changed the title
ruzell22
added a commit
to ruzell22/cactus
that referenced
this pull request
Jul 12, 2023
…rledger#2411 fixes: hyperledger#2411 related to: hyperledger#2240 and hyperledger#2274 Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
petermetz
pushed a commit
to ruzell22/cactus
that referenced
this pull request
Jul 16, 2023
…rledger#2411 fixes: hyperledger#2411 related to: hyperledger#2240 and hyperledger#2274 Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
petermetz
pushed a commit
that referenced
this pull request
Jul 16, 2023
sandeepnRES
pushed a commit
to sandeepnRES/cacti
that referenced
this pull request
Dec 21, 2023
…rledger#2411 fixes: hyperledger#2411 related to: hyperledger#2240 and hyperledger#2274 Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Other, lower severity vulnerabilities are also being addressed by this
change but the two big ones are the critical severity ones mentioned
in the commit subject.
Most of the vulnerabilities are now fixed in quorum-all-in-one but
there are still some that are not because most of the remaining
vulnerabilities are still new and is still waiting for the new changes
to be pulled in and released on their respective package versions.
And we tried to ask on the quorum discussions on github as you can
see here. (Consensys/quorum#1513).
Here are the remaining vulnerabilities for quorum-all-in-one:
CVE-2022-3602
CVE-2022-3786
CVE-2022-3602
CVE-2022-3786
CVE-2022-42003
CVE-2022-42004
CVE-2022-45868
CVE-2022-1471
CVE-2022-21698
CVE-2022-27664
CVE-2022-32149
CVE-2022-21698
CVE-2022-27664
CVE-2022-32149
Fixes #2059
Signed-off-by: aldousalvarez aldousss.alvarez@gmail.com
Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com