chore(findings): opensource/debian/debian

Summary

opensource/debian/debian has 68 new findings discovered during continuous monitoring.

id	source	severity	package
4f9abc83a7a1c95e222b659e0fab27fa	Anchore Compliance	Low
CVE-2023-31438	Anchore CVE	Low	libsystemd0-252.17-1~deb12u1
CVE-2022-0563	Anchore CVE	Low	libmount1-2.38.1-5+b1
CVE-2022-0563	Anchore CVE	Low	libsmartcols1-2.38.1-5+b1
CVE-2011-4116	Anchore CVE	Low	perl-base-5.36.0-7
CVE-2022-0563	Anchore CVE	Low	util-linux-2.38.1-5+b1
CVE-2013-4392	Anchore CVE	Low	libsystemd0-252.17-1~deb12u1
CVE-2023-31486	Anchore CVE	Low	perl-base-5.36.0-7
CVE-2022-0563	Anchore CVE	Low	libuuid1-2.38.1-5+b1
CVE-2007-5686	Anchore CVE	Low	passwd-1:4.13+dfsg1-1+b1
CVE-2023-31438	Anchore CVE	Low	libudev1-252.17-1~deb12u1
CVE-2022-0563	Anchore CVE	Low	bsdutils-1:2.38.1-5+b1
CVE-2017-18018	Anchore CVE	Low	coreutils-9.1-1
CVE-2022-27943	Anchore CVE	Low	libgcc-s1-12.2.0-14
CVE-2023-31437	Anchore CVE	Low	libsystemd0-252.17-1~deb12u1
CVE-2007-5686	Anchore CVE	Low	login-1:4.13+dfsg1-1+b1
CVE-2022-27943	Anchore CVE	Low	gcc-12-base-12.2.0-14
CVE-2022-0563	Anchore CVE	Low	util-linux-extra-2.38.1-5+b1
CVE-2011-3389	Anchore CVE	Low	libgnutls30-3.7.9-2
CVE-2022-0563	Anchore CVE	Low	libblkid1-2.38.1-5+b1
CVE-2019-19882	Anchore CVE	Low	passwd-1:4.13+dfsg1-1+b1
CVE-2022-3219	Anchore CVE	Low	gpgv-2.2.40-1.1
CVE-2023-31439	Anchore CVE	Low	libudev1-252.17-1~deb12u1
CVE-2022-0563	Anchore CVE	Low	mount-2.38.1-5+b1
CVE-2019-19882	Anchore CVE	Low	login-1:4.13+dfsg1-1+b1
CVE-2023-31439	Anchore CVE	Low	libsystemd0-252.17-1~deb12u1
CVE-2023-31437	Anchore CVE	Low	libudev1-252.17-1~deb12u1
CVE-2013-4392	Anchore CVE	Low	libudev1-252.17-1~deb12u1
CVE-2022-27943	Anchore CVE	Low	libstdc++6-12.2.0-14
CVE-2023-47038	Anchore CVE	High	perl-base-5.36.0-7
CVE-2023-5981	Anchore CVE	Medium	libgnutls30-3.7.9-2
CVE-2023-45853	Twistlock CVE	Critical	zlib-1:1.2.13.dfsg-1
CVE-2023-31486	Twistlock CVE	Low	perl-5.36.0-7
CVE-2023-31484	Twistlock CVE	Low	perl-5.36.0-7
CVE-2019-19882	Twistlock CVE	Low	shadow-1:4.13+dfsg1-1
CVE-2011-4116	Twistlock CVE	Low	perl-5.36.0-7
CVE-2022-27943	Twistlock CVE	Low	gcc-12-12.2.0-14
CVE-2022-0563	Twistlock CVE	Low	util-linux-2.38.1-5
CVE-2007-5686	Twistlock CVE	Low	shadow-1:4.13+dfsg1-1
CVE-2017-18018	Twistlock CVE	Low	coreutils-9.1-1
CVE-2011-3389	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2023-29383	Twistlock CVE	Low	shadow-1:4.13+dfsg1-1
CVE-2022-3219	Twistlock CVE	Low	gnupg2-2.2.40-1.1
CVE-2013-4392	Twistlock CVE	Low	systemd-252.17-1~deb12u1
CVE-2023-4641	Twistlock CVE	Low	shadow-1:4.13+dfsg1-1
CVE-2023-31439	Twistlock CVE	Low	systemd-252.17-1~deb12u1
CVE-2023-31438	Twistlock CVE	Low	systemd-252.17-1~deb12u1
CVE-2023-31437	Twistlock CVE	Low	systemd-252.17-1~deb12u1
CVE-2023-5981	Twistlock CVE	Medium	gnutls28-3.7.9-2
CVE-2017-12814	Twistlock CVE	Low	perl-5.36.0-7
CVE-2015-8608	Twistlock CVE	Low	perl-5.36.0-7
CVE-2018-6557	Twistlock CVE	Low	base-files-12.4+deb12u2
CVE-2023-50495	Twistlock CVE	Low	ncurses-6.4-4
CVE-2015-8313	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2015-0282	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2014-8155	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2019-3815	Twistlock CVE	Low	systemd-252.17-1~deb12u1
CVE-2023-47039	Twistlock CVE	Low	perl-5.36.0-7
CVE-2023-47038	Twistlock CVE	Low	perl-5.36.0-7
CVE-2013-4487	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2013-4466	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2010-1158	Twistlock CVE	Low	perl-5.36.0-7
CVE-2010-0834	Twistlock CVE	Low	base-files-12.4+deb12u2
CVE-2009-5138	Twistlock CVE	Low	gnutls28-3.7.9-2
CVE-2005-4278	Twistlock CVE	Low	perl-5.36.0-7
CVE-2005-4217	Twistlock CVE	Low	perl-5.36.0-7
CVE-2004-0377	Twistlock CVE	Low	perl-5.36.0-7
CVE-2023-7008	Twistlock CVE	Low	systemd-252.17-1~deb12u1

VAT: https://vat.dso.mil/vat/image?imageName=opensource/debian/debian&tag=12.2&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/debian/debian&tag=12.2&branch=master

Tasks

Contributor:

• Provide justifications for findings in the VAT (docs)
• Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

• Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.