rancher-machine: advisories by Dentrax · Pull Request #16717 · wolfi-dev/advisories

-Original file line number
+Diff line change
@@ Expand Up / @@ -21,6 +21,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:49:29Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-9m42-hjqr-hcrh
         aliases:
@@ Expand All / @@ -39,6 +43,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:48:37Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-c845-7c7f-27p3
         aliases:
@@ Expand All / @@ -57,6 +65,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:50:31Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-cm6m-j33h-vwfx
         aliases:
@@ Expand All / @@ -75,6 +87,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:49:44Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-fw7g-fqpm-9f8p
         aliases:
@@ Expand All / @@ -92,6 +108,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:50:17Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-g4c5-rm96-2333
         aliases:
@@ Expand All / @@ -110,6 +130,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:49:12Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-qrpj-mpf2-373m
         aliases:
@@ Expand All / @@ -128,6 +152,11 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:50:00Z
+            type: false-positive-determination
+            data:
+              type: vulnerable-code-version-not-used
+              note: v1.4.2 version of moby/moby dependency does not contain WriteProgress() func in the streamformatter.go file.
       - id: CGA-vx4c-qq47-4r28
         aliases:
@@ Expand All / @@ -146,6 +175,10 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:41:44Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
       - id: CGA-wfj9-9xp6-q448
         aliases:
@@ Expand All / @@ -164,3 +197,7 @@ advisories: @@
                 componentType: go-module
                 componentLocation: /usr/bin/rancher-machine
                 scanner: grype
+          - timestamp: 2025-04-04T08:48:55Z
+            type: pending-upstream-fix
+            data:
+              note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rancher-machine: advisories #16717

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!