diff --git a/stable/jackett/9.0.27/CHANGELOG.md b/stable/jackett/9.0.28/CHANGELOG.md similarity index 90% rename from stable/jackett/9.0.27/CHANGELOG.md rename to stable/jackett/9.0.28/CHANGELOG.md index 6c2c6176dd8..17d4d804c75 100644 --- a/stable/jackett/9.0.27/CHANGELOG.md +++ b/stable/jackett/9.0.28/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [jackett-9.0.28](https://github.com/truecharts/apps/compare/jackett-9.0.27...jackett-9.0.28) (2021-12-03) + +#### Feat + +* Render security scan results during build ([#1451](https://github.com/truecharts/apps/issues/1451)) + + + ### [jackett-9.0.27](https://github.com/truecharts/apps/compare/jackett-9.0.26...jackett-9.0.27) (2021-12-03) @@ -88,12 +97,3 @@ - -### [jackett-9.0.17](https://github.com/truecharts/apps/compare/jackett-9.0.16...jackett-9.0.17) (2021-11-15) - -#### Chore - -* update non-major deps helm releases ([#1338](https://github.com/truecharts/apps/issues/1338)) - - - diff --git a/stable/jackett/9.0.27/CONFIG.md b/stable/jackett/9.0.28/CONFIG.md similarity index 100% rename from stable/jackett/9.0.27/CONFIG.md rename to stable/jackett/9.0.28/CONFIG.md diff --git a/stable/jackett/9.0.27/Chart.lock b/stable/jackett/9.0.28/Chart.lock similarity index 78% rename from stable/jackett/9.0.27/Chart.lock rename to stable/jackett/9.0.28/Chart.lock index 457792e399e..1b060cdf161 100644 --- a/stable/jackett/9.0.27/Chart.lock +++ b/stable/jackett/9.0.28/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://truecharts.org version: 8.9.7 digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd -generated: "2021-12-03T14:50:43.416726007Z" +generated: "2021-12-03T18:32:55.308647422Z" diff --git a/stable/jackett/9.0.27/Chart.yaml b/stable/jackett/9.0.28/Chart.yaml similarity index 97% rename from stable/jackett/9.0.27/Chart.yaml rename to stable/jackett/9.0.28/Chart.yaml index 434db2c4c4f..3754c7f72db 100644 --- a/stable/jackett/9.0.27/Chart.yaml +++ b/stable/jackett/9.0.28/Chart.yaml @@ -21,7 +21,7 @@ name: jackett sources: - https://github.com/Jackett/Jackett type: application -version: 9.0.27 +version: 9.0.28 annotations: truecharts.org/catagories: | - media 
diff --git a/stable/jackett/9.0.27/README.md b/stable/jackett/9.0.28/README.md similarity index 100% rename from stable/jackett/9.0.27/README.md rename to stable/jackett/9.0.28/README.md diff --git a/stable/jackett/9.0.27/app-readme.md b/stable/jackett/9.0.28/app-readme.md similarity index 100% rename from stable/jackett/9.0.27/app-readme.md rename to stable/jackett/9.0.28/app-readme.md diff --git a/stable/jackett/9.0.27/charts/common-8.9.7.tgz b/stable/jackett/9.0.28/charts/common-8.9.7.tgz similarity index 100% rename from stable/jackett/9.0.27/charts/common-8.9.7.tgz rename to stable/jackett/9.0.28/charts/common-8.9.7.tgz diff --git a/stable/jackett/9.0.27/helm-values.md b/stable/jackett/9.0.28/helm-values.md similarity index 100% rename from stable/jackett/9.0.27/helm-values.md rename to stable/jackett/9.0.28/helm-values.md diff --git a/stable/jackett/9.0.27/ix_values.yaml b/stable/jackett/9.0.28/ix_values.yaml similarity index 100% rename from stable/jackett/9.0.27/ix_values.yaml rename to stable/jackett/9.0.28/ix_values.yaml diff --git a/stable/jackett/9.0.27/questions.yaml b/stable/jackett/9.0.28/questions.yaml similarity index 100% rename from stable/jackett/9.0.27/questions.yaml rename to stable/jackett/9.0.28/questions.yaml diff --git a/stable/jackett/9.0.28/sec-scan.md b/stable/jackett/9.0.28/sec-scan.md new file mode 100644 index 00000000000..173c0dd1a6e --- /dev/null +++ b/stable/jackett/9.0.28/sec-scan.md 
@@ -0,0 +1,601 @@ +# Security Scan + +## Helm-Chart + +##### Scan Results + +``` +2021-12-03T18:33:16.449Z INFO Need to update the built-in policies +2021-12-03T18:33:16.449Z INFO Downloading the built-in policies... +2021-12-03T18:33:17.259Z INFO Detected config files: 1 + +jackett/templates/common.yaml (kubernetes) +========================================== +Tests: 40 (SUCCESSES: 28, FAILURES: 12, EXCEPTIONS: 0) +Failures: 12 (UNKNOWN: 0, LOW: 5, MEDIUM: 7, HIGH: 0, CRITICAL: 0) + ++---------------------------+------------+-----------------------------------+----------+------------------------------------------+ +| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | ++---------------------------+------------+-----------------------------------+----------+------------------------------------------+ +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-jackett' of | +| | | | | Deployment 'RELEASE-NAME-jackett' | +| | | | | should add 'ALL' to | +| | | | | 'securityContext.capabilities.drop' | +| | | | | -->avd.aquasec.com/appshield/ksv003 | ++ +------------+-----------------------------------+----------+------------------------------------------+ +| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-jackett' should | +| | | | | set 'securityContext.runAsNonRoot' to | +| | | | | true -->avd.aquasec.com/appshield/ksv012 | ++ +------------+-----------------------------------+----------+------------------------------------------+ +| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-jackett' of | +| | | | | Deployment 'RELEASE-NAME-jackett' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-jackett' | +| | | | | should specify an image tag | +| | | | | 
-->avd.aquasec.com/appshield/ksv013 | ++ +------------+-----------------------------------+ +------------------------------------------+ +| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-jackett' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-jackett' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-jackett' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ +------------+-----------------------------------+----------+------------------------------------------+ +| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-jackett' of | +| | | | | Deployment 'RELEASE-NAME-jackett' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-jackett' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ +------------+-----------------------------------+ +------------------------------------------+ +| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-jackett' of | +| | | | | Deployment 'RELEASE-NAME-jackett' should | +| | | | | set 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-jackett' should | +| | | | | set 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ +------------+-----------------------------------+ +------------------------------------------+ +| | KSV021 | Runs 
with low group ID | | Container 'RELEASE-NAME-jackett' of | +| | | | | Deployment 'RELEASE-NAME-jackett' should | +| | | | | set 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-jackett' should | +| | | | | set 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++---------------------------+------------+-----------------------------------+----------+------------------------------------------+ +``` + +## Containers + +##### Detected Containers + + ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c + tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 + +##### Scan Results + +**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** + +``` +2021-12-03T18:33:17.339Z INFO Need to update DB +2021-12-03T18:33:17.340Z INFO Downloading DB... +2021-12-03T18:33:19.939Z INFO Detected OS: alpine +2021-12-03T18:33:19.939Z INFO Detecting Alpine vulnerabilities... 
+2021-12-03T18:33:19.941Z INFO Number of language-specific files: 0 + +ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) +========================================================================================================================= +Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) + ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+ +---------------+---------------------------------------+ +| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + +**Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** + +``` +2021-12-03T18:33:24.300Z INFO Detected OS: ubuntu +2021-12-03T18:33:24.300Z INFO Detecting Ubuntu vulnerabilities... +2021-12-03T18:33:24.303Z INFO Number of language-specific files: 1 +2021-12-03T18:33:24.303Z INFO Detecting gobinary vulnerabilities... 
+ +tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) +========================================================================================================================== +Total: 76 (UNKNOWN: 0, LOW: 52, MEDIUM: 24, HIGH: 0, CRITICAL: 0) + ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | | bash: when effective UID is not | +| | | | | | equal to its real UID the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| bind9-dnsutils | CVE-2021-25219 | MEDIUM | 1:9.16.1-0ubuntu2.8 | 1:9.16.1-0ubuntu2.9 | bind: Lame cache can be abused to | +| | | | | | severely degrade resolver performance | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-25219 | ++----------------------+ + + + + + +| bind9-host | | | | | | +| | | | | | | +| | | | | | | ++----------------------+ + + + + + +| bind9-libs | | | | | | +| | | | | | | +| | | | | | | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | | coreutils: Non-privileged | +| | | | | | session can escape to the | +| | | | | | parent session in chroot | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| dnsutils | 
CVE-2021-25219 | MEDIUM | 1:9.16.1-0ubuntu2.8 | 1:9.16.1-0ubuntu2.9 | bind: Lame cache can be abused to | +| | | | | | severely degrade resolver performance | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-25219 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libasn1-8-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | +| | | | | | on missing sname in TGS-REQ | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libc-bin | CVE-2021-35942 | MEDIUM | 2.31-0ubuntu9.2 | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | +| | | | | | helper_thread() in mq_notify.c while | +| | | | | | handling NOTIFY_REMOVED messages... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2019-25013 | | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | +| | | | | | when converting invalid UCS4 | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-33574 | | | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ +| libc6 | CVE-2021-35942 | MEDIUM | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | +| | | | | | helper_thread() in mq_notify.c while | +| | | | | | handling NOTIFY_REMOVED messages... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2019-25013 | | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | +| | | | | | when converting invalid UCS4 | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-33574 | | | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libgmp10 | CVE-2021-43618 | | 2:6.2.0+dfsg-4 | | gmp: Integer overflow and resultant | +| | | | | | buffer overflow via crafted input | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | +| | | | | | PA-ENCRYPTED-CHALLENGE padata | +| | | | | | element without using FAST could... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2018-5709 | LOW | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libgssapi3-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | +| | | | | | on missing sname in TGS-REQ | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | ++----------------------+ + + +-------------------------+ + +| libhcrypto4-heimdal | | | | | | +| | | | | | | +| | | | | | | ++----------------------+ + + +-------------------------+ + +| libheimbase1-heimdal | | | | | | +| | | | | | | +| | | | | | | ++----------------------+ + + +-------------------------+ + +| libheimntlm0-heimdal | | | | | | +| | | | | | | +| | | | | | | ++----------------------+ + + +-------------------------+ + +| libhx509-5-heimdal | | | | | | +| | | | | | | +| | | | | | | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | +| | | | | | PA-ENCRYPTED-CHALLENGE padata | +| | | | | | element without using FAST could... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2018-5709 | LOW | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libkrb5-26-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | +| | | | | | on missing sname in TGS-REQ | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | +| | | | | | PA-ENCRYPTED-CHALLENGE padata | +| | | | | | element without using FAST could... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2018-5709 | LOW | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ +| libkrb5support0 | CVE-2021-36222 | MEDIUM | | | krb5: Sending a request containing | +| | | | | | PA-ENCRYPTED-CHALLENGE padata | +| | | | | | element without using FAST could... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2018-5709 | LOW | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libpcre3 | CVE-2017-11164 | | 2:8.39-12build1 | | pcre: OP_KETRMAX feature in the | +| | | | | | match function in pcre_exec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | +| | | | | | when UTF is disabled and \X or... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-14155 | | | | pcre: Integer overflow when | +| | | | | | parsing callout numeric arguments | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libpython3.8-minimal | CVE-2021-29921 | MEDIUM | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | +| | | | | | validation of octal strings | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3737 | | | | python: urllib: HTTP client | +| | | | | | possible infinite loop on | +| | | | | | a 100 Continue response... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | +| | | | | | via urllib.parse.parse_qsl | +| | | | | | and urllib.parse.parse_qs | +| | | | | | by using a semicolon... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | ++----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ +| libpython3.8-stdlib | CVE-2021-29921 | MEDIUM | | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | +| | | | | | validation of octal strings | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3737 | | | | python: urllib: HTTP client | +| | | | | | possible infinite loop on | +| | | | | | a 100 Continue response... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | +| | | | | | via urllib.parse.parse_qsl | +| | | | | | and urllib.parse.parse_qs | +| | | | | | by using a semicolon... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libroken18-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | +| | | | | | on missing sname in TGS-REQ | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | An out-of-bounds read was | +| | | | | | addressed with improved bounds | +| | | | | | checking. This issue is... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-9794 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2020-9849 | LOW | | | An information disclosure issue | +| | | | | | was addressed with improved | +| | | | | | state management. This issue... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-9849 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-9991 | | | | This issue was addressed | +| | | | | | with improved checks. | +| | | | | | This issue is fixed in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-9991 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libtasn1-6 | CVE-2018-1000654 | | 4.16.0-2 | | libtasn1: Infinite loop in | +| | | | | | _asn1_expand_object_id(ptree) | +| | | | | | leads to memory exhaustion | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| libwind0-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | +| | | | | | on missing sname in TGS-REQ | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| locales | CVE-2021-35942 | MEDIUM | 2.31-0ubuntu9.2 | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | +| | | | | | helper_thread() in mq_notify.c while | +| | | | | | handling NOTIFY_REMOVED messages... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2019-25013 | | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | +| | | | | | when converting invalid UCS4 | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-33574 | | | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| login | CVE-2013-4235 | | 1:4.8.1-1ubuntu5.20.04.1 | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying 
and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++----------------------+ + + +-------------------------+ + +| passwd | | | | | | +| | | | | | | +| | | | | | | +| | | | | | | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ +| perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | [Signature Verification Bypass] | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | ++----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ +| python3.8 | CVE-2021-29921 | | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | +| | | | | | validation of octal strings | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3737 | | | | python: urllib: HTTP client | +| | | | | | possible infinite loop on | +| | | | | | a 100 Continue response... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | +| | | | | | via urllib.parse.parse_qsl | +| | | | | | and urllib.parse.parse_qs | +| | | | | | by using a semicolon... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | ++----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ +| python3.8-minimal | CVE-2021-29921 | MEDIUM | | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | +| | | | | | validation of octal strings | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | ++ +------------------+ + +-------------------------+-----------------------------------------+ +| | CVE-2021-3737 | | | | python: urllib: HTTP client | +| | | | | | possible infinite loop on | +| | | | | | a 100 Continue response... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | ++ +------------------+----------+ +-------------------------+-----------------------------------------+ +| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | +| | | | | | via urllib.parse.parse_qsl | +| | | | | | and urllib.parse.parse_qs | +| | | | | | by using a semicolon... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | ++----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ + +usr/local/bin/micro (gobinary) +============================== +Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0) + ++------------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 | kubernetes: Denial of | +| | | | | | service in API server via | +| | | | | | crafted YAML payloads by... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-11254 | ++------------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + diff --git a/stable/jackett/9.0.27/templates/common.yaml b/stable/jackett/9.0.28/templates/common.yaml similarity index 100% rename from stable/jackett/9.0.27/templates/common.yaml rename to stable/jackett/9.0.28/templates/common.yaml diff --git a/stable/jackett/9.0.27/values.yaml b/stable/jackett/9.0.28/values.yaml similarity index 100% rename from stable/jackett/9.0.27/values.yaml rename to stable/jackett/9.0.28/values.yaml
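Review bot: The rendered scan table committed here lists findings that already have a fixed version, and nothing in this release picks those fixes up. In the python3.8 row the installed version is 3.8.10-0ubuntu1~20.04 while 3.8.10-0ubuntu1~20.04.1 is given as the fix for CVE-2021-29921, CVE-2021-3737 and CVE-2021-23336, and in the usr/local/bin/micro (gobinary) table gopkg.in/yaml.v2 is at v2.2.7 with v2.2.8 fixing CVE-2019-11254. values.yaml and templates/common.yaml are renamed at 100% similarity, so the image reference is unchanged; consider tracking a rebuild against updated base packages and a micro binary built with yaml.v2 v2.2.8 or later as a follow-up, or state in the rendered file that fixable findings are reported but not gated on. Separately, the visible part of the report carries no scan date or scanner version, and because it is committed as a static snapshot under a versioned chart directory it will go stale as new CVEs are published; recording when and with which scanner version the table was produced would let readers judge how current it is. The merged-cell ASCII layout (for example login and passwd sharing the single CVE-2013-4235 entry) is also hard to search or diff between releases, so a one-row-per-finding layout would be easier to consume.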