## Summary opensource/zeek/zeek has 8 new findings discovered during continuous monitoring. id | source | severity | package -- | ------ | -------- | ------- CVE-2021-41617 | Twistlock CVE | Medium | openssh-8.0p1-6.el8_4.2 CVE-2021-41617 | Anchore CVE | Medium | openssh-8.0p1-6.el8_4.2 CVE-2021-41617 | Anchore CVE | Medium | openssh-clients-8.0p1-6.el8_4.2 CVE-2021-40330 | Anchore CVE | Medium | git-core-2.27.0-1.el8 CVE-2020-12401 | Twistlock CVE | Medium | nss-3.67.0-6.el8_4 CVE-2020-12399 | Twistlock CVE | Medium | nss-3.67.0-6.el8_4 CVE-2020-14145 | Twistlock CVE | Medium | openssh-8.0p1-6.el8_4.2 CVE-2020-12762 | Twistlock CVE | Medium | json-c-0.13.1-0.4.el8 VAT: https://vat.dso.mil/vat/image?imageName=opensource/zeek/zeek&tag=v4.1.1-1.2&branch=master<br>More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/zeek/zeek/-/jobs/14401989 ## Tasks Contributor: - [ ] Provide justifications for findings in the [VAT](https://vat.dso.mil) ([docs](https://repo1.dso.mil/dsop/dccscr/-/blob/master/pre-approval/vat.md)) - [ ] Apply the ~"Hardening::Approval" label to this issue and wait for feedback Iron Bank: - [ ] Review findings and justifications - [ ] Send approval request to Authorizing Official - [ ] Close issue after approval from Authorizing Official > Note: If the above approval process is rejected for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you **must** re-add the `Approval` label. ## Questions? Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add `/cc @ironbank-notifications/onboarding`. Additionally, Iron Bank hosts an [AMA](https://www.zoomgov.com/meeting/register/vJIsf-ytpz8qHSN_JW8Hl9Qf0AZZXSCSmfo) working session every Wednesday from 1630-1730EST to answer questions.