Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2022-41721 and CVE-2022-27664 #387

Merged
merged 1 commit into from
Jun 12, 2023
Merged

Fix CVE-2022-41721 and CVE-2022-27664 #387

merged 1 commit into from
Jun 12, 2023

Conversation

luksan47
Copy link
Contributor

These CVEs come from the prometheus package through a vulnerable version of golang.org/x/net.

These versions are gone after updating prometheus by running:

go get -u github.com/prometheus/common

@vmwclabot
Copy link
Member

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@vmwclabot
Copy link
Member

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@vmwclabot
Copy link
Member

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@javiercri javiercri self-requested a review June 12, 2023 09:37
@vmwclabot
Copy link
Member

@luksan47, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

javiercri
javiercri approved these changes Jun 12, 2023
View reviewed changes
Copy link
Contributor

@javiercri javiercri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@luksan47
Fix CVE-2022-41721 and CVE-2022-27664
c21131a 
These CVEs come from the prometheus package through a vulnerable version of `golang.org/x/net`.

These versions are gone after updating prometheus by running:
```
go get -u github.com/prometheus/common
```

Signed-off-by: Norbert Luksa <norbert.luksa@cloudera.com>
@javiercri javiercri merged commit 47ad1b3 into vmware:main Jun 12, 2023
1 check passed
@luksan47 luksan47 deleted the cve-fix branch June 12, 2023 15:39
lynn-e pushed a commit to lynn-e/kube-fluentd-operator that referenced this pull request Jun 27, 2023
@luksan47 @lynn-e
Fix CVE-2022-41721 and CVE-2022-27664 (vmware#387)
137a436 
These CVEs come from the prometheus package through a vulnerable version of `golang.org/x/net`.

These versions are gone after updating prometheus by running:
```
go get -u github.com/prometheus/common
```

Signed-off-by: Norbert Luksa <norbert.luksa@cloudera.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javiercri javiercri javiercri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@luksan47 @vmwclabot @javiercri