File _patchinfo of Package patchinfo.25142

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.25142

<patchinfo incident="25142">
  <issue tracker="bnc" id="1200528">VUL-0: CVE-2022-1996: go-restful: CORS bypass</issue>
  <issue tracker="bnc" id="1203054">VUL-0: CVE-2022-36055: helm3,helm: denial of service through string value parsing</issue>
  <issue tracker="cve" id="2022-1996"/>
  <issue tracker="cve" id="2022-36055"/>
  <packager>dirkmueller</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for helm</summary>
  <description>This update for helm fixes the following issues:

helm was updated to version 3.9.4:

* CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054).
* Updating the certificates used for testing
* Updating index handling

helm was updated to version 3.9.3:

- CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528).
* Fix missing array length check on release

helm was updated to version 3.9.2:

* Update of the circleci image

helm was updated  to version 3.9.1:

* Update to support Kubernetes 1.24.2
* Improve logging and safety of statefulSetReady
* Make token caching an opt-in feature
* Bump github.com/lib/pq from 1.10.5 to 1.10.6
* Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3

helm was updated to version 3.9.0:

* Added a --quiet flag to helm lint
* Added a --post-renderer-args flag to support arguments being passed to the post renderer
* Added more checks during the signing process
* Updated to add Kubernetes 1.24 support

helm was updated to version 3.8.2:

* Bump oras.land/oras-go from 1.1.0 to 1.1.1
* Fixing downloader plugin error handling
* Simplify testdata charts
* Simplify testdata charts
* Add tests for multi-level dependencies.
* Fix value precedence
* Bumping Kubernetes package versions
* Updating vcs to latest version
* Dont modify provided transport
* Pass http getter as pointer in tests
* Add docs block
* Add transport option and tests
* Reuse http transport
* Updating Kubernetes libs to 0.23.4 (latest)
* fix: remove deadcode
* fix: helm package tests
* fix: helm package with dependency update for charts with OCI dependencies
* Fix typo Unset the env var before func return in Unit Test
* add legal name check
* maint: fix syntax error in deploy.sh
* linting issue fixed
* only apply overwrite if version is canary
* overwrite flag added to az storage blob upload-batch
* Avoid querying for OCI tags can explicit version provided in chart dependencies
* Management of bearer tokens for tag listing
* Updating Kubernetes packages to 1.23.3
* refactor: use `os.ReadDir` for lightweight directory reading
* Add IngressClass to manifests to be (un)installed
* feat(comp): Shell completion for OCI
* Fix install memory/goroutine leak
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.25142

Places