Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

teleport/17.0.2 package update #35180

Closed
wants to merge 1 commit into from
Closed

teleport/17.0.2 package update #35180

wants to merge 1 commit into from

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Nov 25, 2024

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. labels Nov 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

Package teleport: Click to expand/collapse

Package teleport:

.PKGINFO metadata:

  (
  	"""
  	# Generated by melange
  	pkgname = teleport
- 	pkgver = 17.0.1-r0
+ 	pkgver = 17.0.2-r0
  	arch = x86_64
- 	size = 659271057
+ 	size = 659569661
  	origin = teleport
  	pkgdesc = The easiest, and most secure way to access and protect all of your infrastructure.
  	url = 
- 	commit = a5dc35f8ea066c0bd56b2b623bff1a1fb1b282f3
- 	builddate = 1731810944
+ 	commit = caf9c3bde495b563a83f77248b2d56671e41c282
+ 	builddate = 1732571644
  	license = AGPL-3.0-only
  	depend = posix-libc-utils
  	... // 3 identical lines
  	depend = so:libm.so.6
  	depend = so:libresolv.so.2
- 	datahash = b2e93a7273ac59c2cf63bf87612636b7f525ca3fb4958c749dd9430bb3f43d6e
+ 	datahash = 483a636c2985140a62768cd7cbfae77d977daff08823953b94e7f07eeb0a49f2
  	"""
  )

Modified: /usr/local/bin/fdpass-teleport
Modified: /usr/local/bin/tbot
Modified: /usr/local/bin/tctl
Modified: /usr/local/bin/teleport
Modified: /usr/local/bin/tsh

@octo-sts octo-sts bot added the bincapz/blocking Bincapz (aka malcontent) scan results detected CRITICALs on the packages. label Nov 25, 2024
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Nov 25, 2024

malcontent detected files with a risk score equal or higher than 'CRITICAL': Click to expand/collapse

/tmp/malcontent3955334732/packages/x86_64/teleport-17.0.2-r0.apk/usr/local/bin/tsh [🚨 CRITICAL]

RISK KEY DESCRIPTION EVIDENCE
CRITICAL 3P/eset/kobalos Kobalos malware, by Marc-Etienne M.Léveillé $rsa_512_mod_header
CRITICAL 3P/sig_base/kobalos Kobalos malware, by Marc-Etienne M.Leveille $rsa_512_mod_header

@philroche
Copy link
Member

PR @ #35267 likely fixes this update too

@octo-sts octo-sts bot closed this Dec 4, 2024
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Dec 4, 2024

superseded by #35786

@octo-sts octo-sts bot deleted the wolfictl-d518c429-6ee5-469d-be87-790725f81330 branch December 5, 2024 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
automated pr bincapz/blocking Bincapz (aka malcontent) scan results detected CRITICALs on the packages. P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. request-version-update request for a newer version of a package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@philroche @wolfi-bot