Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability patch in singleuser-sample #3500

Merged
merged 1 commit into from
Sep 16, 2024
Merged

Conversation

jupyterhub-bot
Copy link
Collaborator

A rebuild of quay.io/jupyterhub/k8s-singleuser-sample has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities was detected in quay.io/jupyterhub/k8s-singleuser-sample:4.0.0-0.dev.git.6718.h3cc472d7.

Target Vuln. ID Package Name Installed v. Fixed v.
debian CVE-2023-25652 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2023-25652 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2023-25815 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2023-25815 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2023-29007 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2023-29007 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32002 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32002 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32004 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32004 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32020 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32020 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32021 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32021 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32465 git 1:2.39.2-1.1 1:2.39.5-0+deb12u1
debian CVE-2024-32465 git-man 1:2.39.2-1.1 1:2.39.5-0+deb12u1
node-pkg CVE-2024-38999 requirejs 2.3.6 2.3.7

After

Target Vuln. ID Package Name Installed v. Fixed v.
node-pkg CVE-2024-38999 requirejs 2.3.6 2.3.7

@jupyterhub-bot jupyterhub-bot added the image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability label Sep 16, 2024
@manics manics merged commit f370794 into main Sep 16, 2024
15 checks passed
@manics manics deleted the vuln-scan-singleuser-sample branch September 16, 2024 09:31
consideRatio pushed a commit to jupyterhub/helm-chart that referenced this pull request Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
image:rebuild-to-patch-vuln Image rebuild to patch a known external vulnerability
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants