Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-v2cv-wwxq-qq97 #2521

Closed
GoVulnBot opened this issue Feb 1, 2024 · 4 comments
Assignees
Labels
excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. needs-review

Comments

@GoVulnBot
Copy link

In GitHub Security Advisory GHSA-v2cv-wwxq-qq97, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/moby/moby 20.10.0-beta1 < 20.10.0-beta1

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/moby/moby
      versions:
        - fixed: 20.10.0-beta1
      packages:
        - package: github.com/moby/moby
summary: Moby Docker cp broken with debian containers
cves:
    - CVE-2019-14271
ghsas:
    - GHSA-v2cv-wwxq-qq97
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-14271
    - report: https://github.com/moby/moby/issues/39449
    - web: https://docs.docker.com/engine/release-notes/
    - web: https://seclists.org/bugtraq/2019/Sep/21
    - web: https://security.netapp.com/advisory/ntap-20190828-0003/
    - web: https://www.debian.org/security/2019/dsa-4521
    - web: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
    - fix: https://github.com/moby/moby/pull/39612
    - fix: https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
    - advisory: https://github.com/advisories/GHSA-v2cv-wwxq-qq97

@tatianab tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Feb 20, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/565379 mentions this issue: data/excluded: batch add 7 excluded reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/567817 mentions this issue: data/excluded: batch add 15 excluded reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/592778 mentions this issue: data/reports: unexclude 80 reports

gopherbot pushed a commit that referenced this issue Jun 28, 2024
  - data/reports/GO-2024-2521.yaml
  - data/reports/GO-2024-2434.yaml
  - data/reports/GO-2024-2537.yaml
  - data/reports/GO-2024-2432.yaml
  - data/reports/GO-2024-2483.yaml
  - data/reports/GO-2024-2480.yaml
  - data/reports/GO-2024-2433.yaml
  - data/reports/GO-2024-2530.yaml
  - data/reports/GO-2024-2556.yaml
  - data/reports/GO-2024-2472.yaml
  - data/reports/GO-2024-2540.yaml
  - data/reports/GO-2024-2560.yaml
  - data/reports/GO-2024-2561.yaml
  - data/reports/GO-2024-2590.yaml
  - data/reports/GO-2024-2428.yaml
  - data/reports/GO-2024-2508.yaml
  - data/reports/GO-2024-2592.yaml
  - data/reports/GO-2024-2511.yaml
  - data/reports/GO-2024-2491.yaml
  - data/reports/GO-2024-2479.yaml
  - data/reports/GO-2024-2509.yaml
  - data/reports/GO-2024-2589.yaml
  - data/reports/GO-2024-2496.yaml
  - data/reports/GO-2024-2505.yaml
  - data/reports/GO-2024-2558.yaml
  - data/reports/GO-2024-2430.yaml
  - data/reports/GO-2024-2594.yaml
  - data/reports/GO-2024-2431.yaml
  - data/reports/GO-2024-2488.yaml
  - data/reports/GO-2024-2495.yaml
  - data/reports/GO-2024-2557.yaml
  - data/reports/GO-2024-2442.yaml
  - data/reports/GO-2024-2593.yaml
  - data/reports/GO-2024-2512.yaml
  - data/reports/GO-2024-2528.yaml
  - data/reports/GO-2024-2529.yaml
  - data/reports/GO-2024-2588.yaml
  - data/reports/GO-2024-2562.yaml
  - data/reports/GO-2024-2441.yaml
  - data/reports/GO-2024-2591.yaml
  - data/reports/GO-2024-2477.yaml
  - data/reports/GO-2024-2448.yaml
  - data/reports/GO-2024-2510.yaml
  - data/reports/GO-2024-2564.yaml
  - data/reports/GO-2024-2476.yaml
  - data/reports/GO-2024-2527.yaml
  - data/reports/GO-2024-2481.yaml
  - data/reports/GO-2024-2445.yaml
  - data/reports/GO-2024-2457.yaml
  - data/reports/GO-2024-2446.yaml
  - data/reports/GO-2024-2447.yaml
  - data/reports/GO-2024-2501.yaml
  - data/reports/GO-2024-2440.yaml
  - data/reports/GO-2024-2500.yaml
  - data/reports/GO-2024-2444.yaml
  - data/reports/GO-2024-2550.yaml
  - data/reports/GO-2024-2523.yaml
  - data/reports/GO-2024-2516.yaml
  - data/reports/GO-2024-2531.yaml
  - data/reports/GO-2024-2595.yaml
  - data/reports/GO-2024-2520.yaml
  - data/reports/GO-2024-2582.yaml
  - data/reports/GO-2024-2485.yaml
  - data/reports/GO-2024-2541.yaml
  - data/reports/GO-2024-2563.yaml
  - data/reports/GO-2024-2532.yaml
  - data/reports/GO-2024-2450.yaml
  - data/reports/GO-2024-2515.yaml
  - data/reports/GO-2024-2499.yaml
  - data/reports/GO-2024-2514.yaml
  - data/reports/GO-2024-2535.yaml
  - data/reports/GO-2024-2458.yaml
  - data/reports/GO-2024-2449.yaml
  - data/reports/GO-2024-2549.yaml
  - data/reports/GO-2024-2517.yaml
  - data/reports/GO-2024-2478.yaml
  - data/reports/GO-2024-2559.yaml
  - data/reports/GO-2024-2486.yaml
  - data/reports/GO-2024-2513.yaml
  - data/reports/GO-2024-2565.yaml

Updates #2521
Updates #2434
Updates #2537
Updates #2432
Updates #2483
Updates #2480
Updates #2433
Updates #2530
Updates #2556
Updates #2472
Updates #2540
Updates #2560
Updates #2561
Updates #2590
Updates #2428
Updates #2508
Updates #2592
Updates #2511
Updates #2491
Updates #2479
Updates #2509
Updates #2589
Updates #2496
Updates #2505
Updates #2558
Updates #2430
Updates #2594
Updates #2431
Updates #2488
Updates #2495
Updates #2557
Updates #2442
Updates #2593
Updates #2512
Updates #2528
Updates #2529
Updates #2588
Updates #2562
Updates #2441
Updates #2591
Updates #2477
Updates #2448
Updates #2510
Updates #2564
Updates #2476
Updates #2527
Updates #2481
Updates #2445
Updates #2457
Updates #2446
Updates #2447
Updates #2501
Updates #2440
Updates #2500
Updates #2444
Updates #2550
Updates #2523
Updates #2516
Updates #2531
Updates #2595
Updates #2520
Updates #2582
Updates #2485
Updates #2541
Updates #2563
Updates #2532
Updates #2450
Updates #2515
Updates #2499
Updates #2514
Updates #2535
Updates #2458
Updates #2449
Updates #2549
Updates #2517
Updates #2478
Updates #2559
Updates #2486
Updates #2513
Updates #2565

Change-Id: I9920757c40e457cb5d033ef0e0a99deb6a5c29b5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592778
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
@tatianab tatianab reopened this Jul 15, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/598315 mentions this issue: data/reports: review GO-2024-2521

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. needs-review
Projects
None yet
Development

No branches or pull requests

3 participants