Commit 90a865d

regen for 1.3.1; add stub file for 1.3.2 since we have a list of those TBD items now
Signed-off-by: Nick Boldt <[email protected]>
1 parent 7e7f9af commit 90a865d

4 files changed

+13
-4
lines changed

Lines changed: 1 addition & 4 deletions
@@ -1,9 +1,6 @@
11
# CVE number, affected package, fixed in version(s), JIRA
22

33
# not yet fixed, built, or ready for release
4-
# CVE-2024-21534,jsonpath-plus,10.0.0,RHIDP-4440
5-
# CVE-2024-47762,@backstage/plugin-app-backend,0.3.75,RHIDP-4321
6-
# CVE-2024-45816,@backstage/plugin-techdocs-backend,1.10.13,RHIDP-4116
74
# CVE-2024-37890,ws,8.17.1||7.5.10||6.2.3||5.2.4,RHIDP-2733
8-
# CVE-2024-46976,@backstage/plugin-techdocs-backend,1.10.13,RHIDP-4114
5+
# CVE-2024-21536,http-proxy-middleware,2.0.7||3.0.3,RHIDP-4612
96
# CVE-2024-45590,body-parser,1.20.3,RHIDP-3917,mostly fixed but missed immobiliarelabs-backstage-plugin-gitlab-backend-dynamic
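Review bot: The entry added at new line 5 (CVE-2024-21536, http-proxy-middleware) stays under "# not yet fixed, built, or ready for release" together with the ws and body-parser lines, while the four entries removed in this hunk reappear in the new stub file. It is not clear from the diff why these three remain on this list when the others were moved; either carry them over to the stub as well or add a comment saying they are still expected in this release. Separately, the header on line 1 names four fields but does not document the `||` separator used in the version column or the trailing free-text note on the body-parser line.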
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
# CVE number, affected package, fixed in version(s), JIRA
2+
3+
# not yet fixed, built, or ready for release
4+
# CVE-2024-21534,jsonpath-plus,10.0.0,RHIDP-4440
5+
# CVE-2024-47762,@backstage/plugin-app-backend,0.3.75,RHIDP-4321
6+
# CVE-2024-45816,@backstage/plugin-techdocs-backend,1.10.13,RHIDP-4116
7+
# CVE-2024-46976,@backstage/plugin-techdocs-backend,1.10.13,RHIDP-4114
8+
# CVE-2024-45815,@backstage/plugin-catalog-backend,1.26.0,RHIDP-4118
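Review bot: Line 8 (CVE-2024-45815, @backstage/plugin-catalog-backend, RHIDP-4118) is not one of the four entries removed from the other list in this commit, so it is a new tracking item rather than a carry-over, and the commit message does not mention it. Every entry in this stub is commented out under "# not yet fixed, built, or ready for release", so the file currently contributes no active rows; a one-line comment on the empty line 2 saying when an entry should be uncommented would make the intended workflow clear to the next editor.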

modules/release-notes/list-fixed-security-issues-in-rpm-1.3.1.txt

Lines changed: 1 addition & 0 deletions
@@ -13,3 +13,4 @@ CVE-2024-40959
1313
CVE-2024-42079
1414
CVE-2024-42272
1515
CVE-2024-42284
16+
CVE-2024-9355
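Review bot: CVE-2024-9355 at new line 16 is placed after CVE-2024-42284, which is string order, whereas the .adoc snippet in this same commit places CVE-2024-9355 between CVE-2023-52658 and CVE-2024-27403, which is numeric order. If the snippet is generated from this list, confirm the generator re-sorts; if both are maintained by hand, pick one ordering so the two files can be compared line by line.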

modules/release-notes/snip-fixed-security-issues-in-rpm-1.3.1.adoc

Lines changed: 3 additions & 0 deletions
@@ -11,6 +11,9 @@ link:https://access.redhat.com/security/cve/CVE-2023-52658[CVE-2023-52658]::
1111
In the Linux kernel, the following vulnerability has been resolved:
1212
Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
1313

14+
link:https://access.redhat.com/security/cve/CVE-2024-9355[CVE-2024-9355]::
15+
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.
16+
1417
link:https://access.redhat.com/security/cve/CVE-2024-27403[CVE-2024-27403]::
1518
In the Linux kernel, the following vulnerability has been resolved:
1619
netfilter: nft_flow_offload: reset dst in route object after setting up flow
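Review bot: The description added at line 15 has double spaces after two sentences ("input sum.  It is also" and "unpredictable value.  This may") and writes "hmac" in lower case. If the text is copied verbatim from the CVE record, leave the wording and say so in the commit message; otherwise normalise to single spaces and "HMAC" so the rendered release note matches the neighbouring entries.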
