chore(findings): virtualitics/odin/python-sqlite

Summary

virtualitics/odin/python-sqlite has 47 new findings discovered during continuous monitoring.

id	source	package
CVE-2020-13435	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-5827	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-13750	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-13751	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-13751	anchore_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-17594	anchore_cve	ncurses-6.1-7.20180224.el8
CVE-2019-19603	anchore_cve	sqlite-3.26.0-13.el8
CVE-2019-17595	anchore_cve	ncurses-6.1-7.20180224.el8
CVE-2019-19603	anchore_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-13750	anchore_cve	sqlite-3.26.0-13.el8
CVE-2019-13750	anchore_cve	sqlite-devel-3.26.0-13.el8
CVE-2020-13435	anchore_cve	sqlite-3.26.0-13.el8
CVE-2020-13435	anchore_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-13751	anchore_cve	sqlite-3.26.0-13.el8
CVE-2016-4607	twistlock_cve	libxslt-1.1.32-6.el8
CVE-2019-13117	twistlock_cve	libxslt-1.1.32-6.el8
CVE-2019-13118	twistlock_cve	libxslt-1.1.32-6.el8
CVE-2021-33560	twistlock_cve	libgcrypt-devel-1.8.5-4.el8
CVE-2019-13117	twistlock_cve	libxslt-devel-1.1.32-6.el8
CVE-2019-13118	twistlock_cve	libxslt-devel-1.1.32-6.el8
CVE-2016-4607	twistlock_cve	libxslt-devel-1.1.32-6.el8
CVE-2018-19211	twistlock_cve	ncurses-6.1-7.20180224.el8
CVE-2019-17594	twistlock_cve	ncurses-6.1-7.20180224.el8
CVE-2019-17595	twistlock_cve	ncurses-6.1-7.20180224.el8
CVE-2019-9937	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-9936	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-19244	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-19603	twistlock_cve	sqlite-3.26.0-13.el8
CVE-2019-13750	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-13751	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-19244	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-19603	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-5827	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-9936	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-9937	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2020-13435	twistlock_cve	sqlite-devel-3.26.0-13.el8
CVE-2021-36084	twistlock_cve	libsepol-devel-2.9-2.el8
CVE-2021-36085	twistlock_cve	libsepol-devel-2.9-2.el8
CVE-2021-36086	twistlock_cve	libsepol-devel-2.9-2.el8
CVE-2021-36087	twistlock_cve	libsepol-devel-2.9-2.el8
CVE-2021-23840	twistlock_cve	openssl-devel-1.1.1g-15.el8_3
CVE-2021-23841	twistlock_cve	openssl-devel-1.1.1g-15.el8_3
CVE-2021-3712	twistlock_cve	openssl-devel-1.1.1g-15.el8_3
CVE-2021-40528	twistlock_cve	libgcrypt-devel-1.8.5-4.el8
CVE-2021-40528	anchore_cve	libgcrypt-devel-1.8.5-4.el8
CVE-2019-5827	anchore_cve	sqlite-devel-3.26.0-13.el8
CVE-2019-5827	anchore_cve	sqlite-3.26.0-13.el8

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/virtualitics/python-sqlite/-/jobs/7860215

Definition of Done

Justifications:

All findings have been justified
Justifications have been provided to the container hardening team

Approval Process:

Findings Approver has reviewed and approved all justifications
Approval request has been sent to Authorizing Official
Approval request has been processed by Authorizing Official

Edited Jan 05, 2022 by Neil Prestemon

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

chore(findings): virtualitics/odin/python-sqlite

Summary

Definition of Done