HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3). References: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 https://github.com/hashicorp/go-getter/releases
Created golang-github-yujunz-getter tracking bugs for this issue: Affects: fedora-all [bug 2092922]
What's the point of the three duplicate issues[1]? Is there something that I'm missing here? [1]: https://bugzilla.redhat.com/show_bug.cgi?id=2092918 https://bugzilla.redhat.com/show_bug.cgi?id=2092923 https://bugzilla.redhat.com/show_bug.cgi?id=2092925
(In reply to Maxwell G from comment #5) > What's the point of the three duplicate issues[1]? Is there something that > I'm missing here? > > [1]: https://bugzilla.redhat.com/show_bug.cgi?id=2092918 > https://bugzilla.redhat.com/show_bug.cgi?id=2092923 > https://bugzilla.redhat.com/show_bug.cgi?id=2092925 Ah, I guess there are three different CVEs surrounding unsafe downloads. I did not look closely at the CVE numbers. Feel free to disregard this.
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:5673 https://access.redhat.com/errata/RHSA-2022:5673
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:5069 https://access.redhat.com/errata/RHSA-2022:5069
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:6133 https://access.redhat.com/errata/RHSA-2022:6133
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:6147 https://access.redhat.com/errata/RHSA-2022:6147
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:6258 https://access.redhat.com/errata/RHSA-2022:6258
I am removing myself from this issue. Please see https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/ETPDV57SDTABYN6P6MGRZWRRCXVFLPZD/ for a discussion on how prodsec can properly deal with Fedora vulnerabilities.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:6308 https://access.redhat.com/errata/RHSA-2022:6308
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:6805 https://access.redhat.com/errata/RHSA-2022:6805
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:6801 https://access.redhat.com/errata/RHSA-2022:6801
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:6905 https://access.redhat.com/errata/RHSA-2022:6905
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2022:7201 https://access.redhat.com/errata/RHSA-2022:7201
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:7211 https://access.redhat.com/errata/RHSA-2022:7211
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:7216 https://access.redhat.com/errata/RHSA-2022:7216
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:7874 https://access.redhat.com/errata/RHSA-2022:7874
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-30321
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:9111 https://access.redhat.com/errata/RHSA-2022:9111