Bug 31804 - golang-github-prometheus, golang-github-prometheus-exporter-toolkit new security issue CVE-2022-46146
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
Reported: 2023-04-17 15:14 CEST by David Walser
Modified: 2023-05-15 16:35 CEST

Source RPM: golang-github-prometheus-2.32.1-2.mga9.src.rpm, golang-github-prometheus-exporter-toolkit-0.7.1-1.mga9.src.rpm, golang-github-prometheus-alertmanager-0.23.0-4.mga9.src.rpm
Status comment: Fixed upstream in golang-github-prometheus-exporter-toolkit 0.7.2



Description David Walser 2023-04-17 15:14:16 CEST
SUSE has issued an advisory on April 14:
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014455.html

The issue is fixed upstream in golang-github-prometheus-exporter-toolkit 0.7.2:
https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p

According to SUSE, golang-github-prometheus-exporter-toolkit is embedded in the golang-github-prometheus package.
David Walser 2023-04-17 15:15:03 CEST

Status comment: (none) => Fixed upstream in golang-github-prometheus-exporter-toolkit 0.7.2

Comment 1 Lewis Smith 2023-04-17 20:44:36 CEST
I think this is for Guillaume.

Assignee: bugsquad => guillomovitch

Comment 2 David Walser 2023-05-15 16:35:41 CEST
exporter-toolkit is also embedded in golang-github-prometheus-alertmanager according to SUSE:
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014865.html

Source RPM: golang-github-prometheus-2.32.1-2.mga9.src.rpm, golang-github-prometheus-exporter-toolkit-0.7.1-1.mga9.src.rpm => golang-github-prometheus-2.32.1-2.mga9.src.rpm, golang-github-prometheus-exporter-toolkit-0.7.1-1.mga9.src.rpm, golang-github-prometheus-alertmanager-0.23.0-4.mga9.src.rpm

