kube-fluentd-operator/1.18.2-r7: cve remediation #18706
Package kube-fluentd-operator-compat:
Package kube-fluentd-operator:
Package kube-fluentd-operator-oci-entrypoint:
Package kube-fluentd-operator-default-config:
bincapz found differences:
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/tests/interpolation.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(" |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/backend/cache.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | builtin/openssl | this binary includes OpenSSL source code | OpenSSL/ |
-LOW | ref/site/url | contains embedded HTTPS URLs | https://ruby-doc.org/stdlib/libdoc/openssl/rdoc/OpenSSL/Digest.html https://www.ruby-doc.org/core/classes/Object.html |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/backend/pluralization.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | ref/site/url | contains embedded HTTPS URLs | ruby-i18n/i18n#629 https://unicode-org.github.io/cldr/ldml/tr35-numbers.html |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.7/sample/linear.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | exec/program | executes external programs | system( |
-MEDIUM | ref/path/usr/local | path reference within /usr/local/bin | /usr/local/bin/ruby |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/interpolate/ruby.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | ref/site/url | contains embedded HTTP URLs | http://github.com/mutoh/gettext/blob/f6566738b981fe0952548c421042ad1e0cd |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/backend/cascade.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | ref/site/url | contains embedded HTTP URLs | http://github.com/clemens/i18n-cascading-backend |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.7/sample/pi.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | ref/path/usr/local | path reference within /usr/local/bin | /usr/local/bin/ruby |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/backend/base.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | encoding/json/decode | decodes JSON messages | JSON.parse |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.7/ext/bigdecimal/bigdecimal.c [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.ruby-lang.org/en/master/BigDecimal.html https://github.com/flori/json |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.7/ext/bigdecimal/missing/dtoa.c [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | exec/shell_command | execute a shell command | system |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.7/sample/nlsolve.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-MEDIUM | ref/path/usr/local | path reference within /usr/local/bin | /usr/local/bin/ruby |
Deleted: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.4/lib/i18n/locale/tag/rfc4646.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
-LOW | ref/site/url | contains embedded HTTP URLs | http://en.wikipedia.org/wiki/IETF_language_tag |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/backend/cache.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | builtin/openssl | this binary includes OpenSSL source code | OpenSSL/ |
+LOW | ref/site/url | contains embedded HTTPS URLs | https://ruby-doc.org/stdlib/libdoc/openssl/rdoc/OpenSSL/Digest.html https://www.ruby-doc.org/core/classes/Object.html |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/tests/interpolation.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | techniques/code_eval | evaluate code dynamically using eval() | eval(" |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/backend/cascade.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTP URLs | http://github.com/clemens/i18n-cascading-backend |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/locale/tag/rfc4646.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTP URLs | http://en.wikipedia.org/wiki/IETF_language_tag |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.8/ext/bigdecimal/missing/dtoa.c [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/shell_command | execute a shell command | system |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/backend/pluralization.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | ruby-i18n/i18n#629 https://unicode-org.github.io/cldr/ldml/tr35-numbers.html |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/backend/base.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | encoding/json/decode | decodes JSON messages | JSON.parse |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.8/sample/nlsolve.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | ref/path/usr/local | path reference within /usr/local/bin | /usr/local/bin/ruby |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.8/ext/bigdecimal/bigdecimal.c [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTPS URLs | https://docs.ruby-lang.org/en/master/BigDecimal.html https://github.com/flori/json |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.8/sample/pi.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | ref/path/usr/local | path reference within /usr/local/bin | /usr/local/bin/ruby |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/bigdecimal-3.1.8/sample/linear.rb [⚠️ MEDIUM]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+MEDIUM | exec/program | executes external programs | system( |
+MEDIUM | ref/path/usr/local | path reference within /usr/local/bin | /usr/local/bin/ruby |
Added: kube-fluentd-operator/usr/lib/ruby/gems/3.2.0/ruby/3.2.0/gems/i18n-1.14.5/lib/i18n/interpolate/ruby.rb [✅ LOW]
RISK | KEY | DESCRIPTION | EVIDENCE |
---|---|---|---|
+LOW | ref/site/url | contains embedded HTTP URLs | http://github.com/mutoh/gettext/blob/f6566738b981fe0952548c421042ad1e0cd |
Fixes:
Related:
Pre-review Checklist
For new package PRs only
endoflife.date
For new version streams
name: ${{package.name}}-compat
provides: logical unversioned forms of the package (e.g. nodejs, nodejs-lts)
For security-related PRs
For version bump PRs
epoch field is reset to 0
For PRs that add patches