Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: CVE-2021-43618 in Ubuntu image #256

Merged
merged 2 commits into from
Dec 21, 2021
Merged

fix: CVE-2021-43618 in Ubuntu image #256

merged 2 commits into from
Dec 21, 2021

Conversation

andyzhangx
Copy link
Member

@andyzhangx andyzhangx commented Dec 19, 2021
edited

What type of PR is this?
/kind bug

What this PR does / why we need it:
fix: CVE-2021-43618 in Ubuntu image
This PR also adds node.mountPermissions in chart

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

test/nfs-csi:latest (debian 11.0)
=======================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+----------+------------------+----------+-------------------+------------------------+---------------------------------------+
| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |     FIXED VERSION      |                 TITLE                 |
+----------+------------------+----------+-------------------+------------------------+---------------------------------------+
| libgmp10 | CVE-2021-43618   | HIGH     | 2:6.2.1+dfsg-1    | 2:6.2.1+dfsg-1+deb11u1 | gmp: Integer overflow and resultant   |
|          |                  |          |                   |                        | buffer overflow via crafted input     |
|          |                  |          |                   |                        | -->avd.aquasec.com/nvd/cve-2021-43618 |
+----------+------------------+----------+-------------------+------------------------+---------------------------------------+

Release note:

fix: CVE-2021-43618 in Ubuntu image

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 19, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 19, 2021
@coveralls
Copy link

coveralls commented Dec 19, 2021
edited

Pull Request Test Coverage Report for Build 1601028895

  • 4 of 7 (57.14%) changed or added relevant lines in 2 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.3%) to 78.088%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pkg/nfs/nodeserver.go 0 1 0.0%
pkg/nfs/controllerserver.go 4 6 66.67%
Totals Coverage Status
Change from base Build 1583049639: -0.3%
Covered Lines: 531
Relevant Lines: 680
💛 - Coveralls

@andyzhangx andyzhangx force-pushed the libgmp10 branch 2 times, most recently from 759c2d6 to 39a8941 Compare December 20, 2021 01:56
@andyzhangx
Copy link
Member Author

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 20, 2021
@andyzhangx andyzhangx force-pushed the libgmp10 branch 3 times, most recently from 8aa75bd to 82373de Compare December 20, 2021 03:23
@andyzhangx
feat: add node.mountPermissions in chart
0e3ede5 
fix controller

update chart

fix chart

update chart

update chart

fix mountPermissions
@andyzhangx
Copy link
Member Author

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 20, 2021
@andyzhangx andyzhangx merged commit 532b0a9 into kubernetes-csi:master Dec 21, 2021
@pawcykca pawcykca mentioned this pull request Nov 16, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrishenzie chrishenzie Awaiting requested review from chrishenzie

@Jiawei0227 Jiawei0227 Awaiting requested review from Jiawei0227

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@andyzhangx @k8s-ci-robot @coveralls