From b5657d35e245c3f3544a82a58f9253a851dbacdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Wed, 14 Dec 2022 11:24:59 +0100
Subject: [PATCH] [INIT] create 15.0 branch from 16.0
---
.gitlab-ci.yml | 34 ++-
15.0.Dockerfile | 128 ++++++++++
16.0-scratch.Dockerfile | 220 -----------------
16.0.Dockerfile | 138 -----------
entrypoint-scratch.sh | 87 -------
security_analysis16.txt | 522 ----------------------------------------
6 files changed, 151 insertions(+), 978 deletions(-)
create mode 100644 15.0.Dockerfile
delete mode 100644 16.0-scratch.Dockerfile
delete mode 100644 16.0.Dockerfile
delete mode 100755 entrypoint-scratch.sh
delete mode 100644 security_analysis16.txt
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 769ce96..c3c3542 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
-image: docker:20.10.17
+image: docker:20.10.21
include:
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
@@ -14,10 +14,10 @@ container_scanning:
DOCKER_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH"
DOCKERFILE_PATH: "$CI_COMMIT_BRANCH.Dockerfile"
docker-build-10.0:
- image: docker:20.10.17
+ image: docker:20.10.21
stage: build
services:
- - docker:20.10.17-dind
+ - docker:20.10.21-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -26,10 +26,10 @@ docker-build-10.0:
only:
- '10.0'
docker-build-12.0:
- image: docker:20.10.17
+ image: docker:20.10.21
stage: build
services:
- - docker:20.10.17-dind
+ - docker:20.10.21-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -43,10 +43,10 @@ docker-build-12.0:
only:
- '12.0'
docker-build-14.0:
- image: docker:20.10.17
+ image: docker:20.10.21
stage: build
services:
- - docker:20.10.17-dind
+ - docker:20.10.21-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -54,11 +54,23 @@ docker-build-14.0:
- docker push "$CI_REGISTRY_IMAGE:14.0"
only:
- '14.0'
+docker-build-15.0:
+ image: docker:20.10.21
+ stage: build
+ services:
+ - docker:20.10.21-dind
+ before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - docker build --pull -f 15.0.Dockerfile -t "$CI_REGISTRY_IMAGE:15.0" .
+ - docker push "$CI_REGISTRY_IMAGE:15.0"
+ only:
+ - '16.0'
docker-build-16.0:
- image: docker:20.10.17
+ image: docker:20.10.21
stage: build
services:
- - docker:20.10.17-dind
+ - docker:20.10.21-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
@@ -67,10 +79,10 @@ docker-build-16.0:
only:
- '16.0'
docker-build-16.0-scratch:
- image: docker:20.10.17
+ image: docker:20.10.21
stage: build
services:
- - docker:20.10.17-dind
+ - docker:20.10.21-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
diff --git a/15.0.Dockerfile b/15.0.Dockerfile
new file mode 100644
index 0000000..98b2248
--- /dev/null
+++ b/15.0.Dockerfile
@@ -0,0 +1,128 @@
+FROM python:3.10-slim-bullseye AS builder
+RUN set -x; \
+ apt-get update &&\
+ apt-get install -y --no-install-recommends build-essential libldap2-dev libpq-dev libsasl2-dev &&\
+ pip install wheel &&\
+ pip wheel --wheel-dir=/svc/wheels -r https://raw.githubusercontent.com/oca/OCB/15.0/requirements.txt &&\
+ pip wheel --wheel-dir=/svc/wheels phonenumbers simplejson openupgradelib PyYAML
+
+
+FROM python:3.10-slim-bullseye AS final
+ENV LANG=C.UTF-8 \
+ LC_ALL=C.UTF-8 \
+ PGDATABASE=odoo
+
+RUN set -x; \
+ apt-get update &&\
+ apt-get install -y --no-install-recommends \
+ curl \
+ git \
+ gnupg \
+ openssh-client \
+ xmlsec1 &&\
+ echo 'deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main' >> /etc/apt/sources.list.d/postgresql.list &&\
+ curl -SL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - &&\
+ curl -o wkhtmltox.deb -SL https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox_0.12.6.1-2.bullseye_amd64.deb &&\
+ echo 'cecbf5a6abbd68d324a7cd6c51ec843d71e98951 wkhtmltox.deb' | sha1sum -c - &&\
+ apt-get update &&\
+ apt-get install -y --no-install-recommends ./wkhtmltox.deb &&\
+ apt-get install -y --no-install-recommends postgresql-client &&\
+ apt-get -y autoremove &&\
+ rm -rf /var/lib/apt/lists/* wkhtmltox.deb
+
+COPY --from=builder /svc /svc
+RUN pip3 install --no-index --find-links=/svc/wheels -r https://raw.githubusercontent.com/oca/OCB/15.0/requirements.txt &&\
+ pip3 install --no-index --find-links=/svc/wheels phonenumbers simplejson openupgradelib PyYAML
+
+# Add Git Known Hosts
+COPY ./ssh_known_git_hosts /root/.ssh/known_hosts
+
+# Install Odoo and remove not French translations and .git directory to limit amount of data used by container
+RUN set -x; \
+ useradd --create-home --home-dir /opt/odoo --no-log-init odoo &&\
+ /bin/bash -c "mkdir -p /opt/odoo/{etc,odoo,additional_addons,private_addons,data,private}" &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/OCB.git /opt/odoo/odoo &&\
+ rm -rf /opt/odoo/odoo/.git &&\
+ find /opt/odoo/odoo/addons/*/i18n/ /opt/odoo/odoo/odoo/addons/base/i18n/ -type f -not -name 'fr.po' -delete &&\
+ chown -R odoo:odoo /opt/odoo
+
+# Install Odoo OCA default dependencies - Commented modules do not exist yet
+RUN set -x; \
+ mkdir -p /tmp/oca-repos/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/account-financial-reporting.git /tmp/oca-repos/account-financial-reporting &&\
+ mv /tmp/oca-repos/account-financial-reporting/account_tax_balance /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/account-financial-tools.git /tmp/oca-repos/account-financial-tools &&\
+ mv /tmp/oca-repos/account-financial-tools/account_lock_date_update \
+ /tmp/oca-repos/account-financial-tools/account_move_name_sequence \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/account-invoicing.git /tmp/oca-repos/account-invoicing &&\
+ mv /tmp/oca-repos/account-invoicing/sale_timesheet_invoice_description \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/account-reconcile.git /tmp/oca-repos/account-reconcile &&\
+ mv /tmp/oca-repos/account-reconcile/account_reconciliation_widget \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/bank-statement-import.git /tmp/oca-repos/bank-statement-import &&\
+ mv /tmp/oca-repos/bank-statement-import/account_statement_import \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/crm.git /tmp/oca-repos/crm &&\
+ mv /tmp/oca-repos/crm/crm_stage_probability /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/partner-contact.git /tmp/oca-repos/partner-contact &&\
+ mv /tmp/oca-repos/partner-contact/partner_firstname \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/project.git /tmp/oca-repos/project &&\
+ mv /tmp/oca-repos/project/project_status \
+ /tmp/oca-repos/project/project_task_default_stage \
+ /tmp/oca-repos/project/project_template \
+ /tmp/oca-repos/project/project_timeline \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/server-brand.git /tmp/oca-repos/server-brand &&\
+ mv /tmp/oca-repos/server-brand/disable_odoo_online \
+ /tmp/oca-repos/server-brand/remove_odoo_enterprise \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/server-tools.git /tmp/oca-repos/server-tools &&\
+ mv /tmp/oca-repos/server-tools/base_search_fuzzy \
+ /tmp/oca-repos/server-tools/module_change_auto_install \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/server-ux.git /tmp/oca-repos/server-ux &&\
+ mv /tmp/oca-repos/server-ux/base_technical_features \
+ /tmp/oca-repos/server-ux/date_range \
+ /tmp/oca-repos/server-ux/mass_editing \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/social.git /tmp/oca-repos/social &&\
+ mv /tmp/oca-repos/social/base_search_mail_content \
+ /tmp/oca-repos/social/mail_debrand \
+ /tmp/oca-repos/social/mail_tracking \
+ /opt/odoo/additional_addons/ &&\
+ git clone -b 15.0 --depth 1 https://github.com/OCA/web.git /tmp/oca-repos/web &&\
+ mv /tmp/oca-repos/web/web_environment_ribbon \
+ /tmp/oca-repos/web/web_responsive \
+ /tmp/oca-repos/web/web_no_bubble \
+ /tmp/oca-repos/web/web_timeline \
+ /opt/odoo/additional_addons/ &&\
+ rm -rf /tmp/oca-repos/ &&\
+ find /opt/odoo/additional_addons/*/i18n/ -type f -not -name 'fr.po' -delete &&\
+ chown -R odoo:odoo /opt/odoo
+
+# Copy entrypoint script and Odoo configuration file
+COPY ./entrypoint.sh /
+COPY ./odoo.conf /opt/odoo/etc/odoo.conf
+RUN chown odoo:odoo /opt/odoo/etc/odoo.conf
+
+# Mount /opt/odoo/data to allow restoring filestore
+VOLUME ["/opt/odoo/data/"]
+
+# Expose Odoo services
+EXPOSE 8069
+
+# Set default user when running the container
+USER odoo
+
+# Start
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["odoo"]
+
+# Metadata
+LABEL org.label-schema.schema-version="15.0" \
+ org.label-schema.vendor=LeFilament \
+ org.label-schema.license=Apache-2.0 \
+ org.label-schema.vcs-url="https://sources.le-filament.com/lefilament/odoo_docker"
diff --git a/16.0-scratch.Dockerfile b/16.0-scratch.Dockerfile
deleted file mode 100644
index 9b99dab..0000000
--- a/16.0-scratch.Dockerfile
+++ /dev/null
@@ -1,220 +0,0 @@
-FROM surnet/alpine-wkhtmltopdf:3.16.0-0.12.6-small as wkhtmltopdf
-
-
-FROM alpine as build
-
-# Initial setup of new root.
-RUN apk update \
- && mkdir --parents \
- /newroot/etc \
- /newroot/bin \
- /newroot/usr/bin \
- && cp -a --parents \
- /bin/busybox \
- /lib/ld-musl* \
- /newroot/ \
- && /bin/busybox --install -s /newroot/bin/ \
- && /bin/busybox --install -s /newroot/usr/bin/ \
- && echo 'root:x:0:0:::' > /newroot/etc/passwd \
- && echo 'root:x:0:' > /newroot/etc/group
-
-# Add depedencies
-RUN apk add --no-cache \
- file \
- freetype-dev \
- g++ \
- gcc \
- git \
- jpeg-dev \
- libev-dev \
- libffi-dev \
- libx11-dev \
- libxrender-dev \
- fontconfig-dev \
- make \
- musl-dev \
- openldap-dev \
- postgresql-dev \
- py3-pip \
- python3 \
- python3-dev \
- zlib-dev
-
-# Add Odoo.
-RUN git clone -b 16.0 --depth 1 https://github.com/OCA/OCB.git /newroot/opt/odoo/odoo \
- && rm -rf /newroot/opt/odoo/odoo/.git \
- && find /newroot/opt/odoo/odoo/addons/*/i18n/ /newroot/opt/odoo/odoo/odoo/addons/base/i18n/ -type f -not -name 'fr.po' -delete
-
-## Add Git known hosts.
-COPY ./ssh_known_git_hosts /root/.ssh/known_hosts
-
-## Install Odoo OCA and Le Filament default dependencies.
-RUN mkdir -p \
- /tmp/oca-repos/ \
- /newroot/opt/odoo/additional_addons \
- /newroot/opt/odoo/private_addons \
- && git clone -b 16.0 --depth 1 \
- https://github.com/OCA/account-financial-reporting.git \
- /tmp/oca-repos/account-financial-reporting \
- && mv /tmp/oca-repos/account-financial-reporting/account_tax_balance \
- /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/account-financial-tools.git \
-# /tmp/oca-repos/account-financial-tools \
-# && mv /tmp/oca-repos/account-financial-tools/account_lock_date_update \
-# /tmp/oca-repos/account-financial-tools/account_move_name_sequence \
-# /tmp/oca-repos/account-financial-tools/account_reconcile_show_boolean \
-# /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/account-invoicing.git \
-# /tmp/oca-repos/account-invoicing \
-# && mv /tmp/oca-repos/account-invoicing/sale_timesheet_invoice_description \
-# /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/account-reconcile.git \
-# /tmp/oca-repos/account-reconcile \
-# && mv /tmp/oca-repos/account-reconcile/account_reconciliation_widget \
-# /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/bank-statement-import.git \
-# /tmp/oca-repos/bank-statement-import \
-# && mv /tmp/oca-repos/bank-statement-import/account_statement_import \
-# /tmp/oca-repos/bank-statement-import/account_statement_import_ofx \
-# /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/crm.git \
-# /tmp/oca-repos/crm \
-# && mv /tmp/oca-repos/crm/crm_stage_probability \
-# /newroot/opt/odoo/additional_addons/ \
- && git clone -b 16.0 --depth 1 \
- https://github.com/OCA/partner-contact.git \
- /tmp/oca-repos/partner-contact \
- && mv /tmp/oca-repos/partner-contact/partner_disable_gravatar \
- /tmp/oca-repos/partner-contact/partner_firstname \
- /newroot/opt/odoo/additional_addons/ \
- && git clone -b 16.0 --depth 1 \
- https://github.com/OCA/project.git \
- /tmp/oca-repos/project \
-# && mv /tmp/oca-repos/project/project_category \
-# /tmp/oca-repos/project/project_status \
- && mv /tmp/oca-repos/project/project_task_default_stage \
- /tmp/oca-repos/project/project_template \
-# /tmp/oca-repos/project/project_timeline \
- /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/server-auth.git \
-# /tmp/oca-repos/server-auth \
-# && mv /tmp/oca-repos/server-auth/password_security \
-# /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/server-brand.git \
-# /tmp/oca-repos/server-brand \
-# && mv /tmp/oca-repos/server-brand/disable_odoo_online \
-# /tmp/oca-repos/server-brand/remove_odoo_enterprise \
-# /newroot/opt/odoo/additional_addons/ \
- && git clone -b 16.0 --depth 1 \
- https://github.com/OCA/server-tools.git \
- /tmp/oca-repos/server-tools \
-# && mv /tmp/oca-repos/server-tools/base_search_fuzzy \
- && mv /tmp/oca-repos/server-tools/module_change_auto_install \
- /newroot/opt/odoo/additional_addons/ \
- && git clone -b 16.0 --depth 1 \
- https://github.com/OCA/server-ux.git \
- /tmp/oca-repos/server-ux \
- && mv /tmp/oca-repos/server-ux/base_technical_features \
- /tmp/oca-repos/server-ux/date_range \
-# /tmp/oca-repos/server-ux/mass_editing \
- /newroot/opt/odoo/additional_addons/ \
-# && git clone -b 16.0 --depth 1 \
-# https://github.com/OCA/social.git \
-# /tmp/oca-repos/social \
-# && mv /tmp/oca-repos/social/base_search_mail_content \
-# /tmp/oca-repos/social/mail_debrand \
-# /tmp/oca-repos/social/mail_tracking \
-# /newroot/opt/odoo/additional_addons/ \
- && git clone -b 16.0 --depth 1 \
- https://github.com/OCA/web.git \
- /tmp/oca-repos/web \
- && mv /tmp/oca-repos/web/web_environment_ribbon \
-# /tmp/oca-repos/web/web_responsive \
-# /tmp/oca-repos/web/web_no_bubble \
-# /tmp/oca-repos/web/web_timeline \
- /newroot/opt/odoo/additional_addons/ \
- && rm -rf /tmp/oca-repos/ \
- && find /newroot/opt/odoo/additional_addons/*/i18n/ -type f -not -name 'fr.po' -delete
-# && git clone -b 16.0 --depth 1 \
-# https://sources.le-filament.com/lefilament/remove_login_links.git \
-# /newroot/opt/odoo/private_addons/remove_login_links \
-# && git clone -b 16.0 --depth 1 \
-# https://sources.le-filament.com/lefilament/lefilament_release_agent.git \
-# /newroot/opt/odoo/private_addons/lefilament_release_agent
-
-# Fix a ldap library bug.
-RUN echo -n "INPUT ( libldap.so )" > /usr/lib/libldap_r.so
-
-# Install Python requirements.
-RUN pip install --requirement /newroot/opt/odoo/odoo/requirements.txt
-
-# Only copy libraries of needed binaries to new root.
-RUN ls \
- /lib/libz.so* \
- /usr/bin/python3* \
- /usr/lib/libexpat.so* \
- /usr/lib/libfontconfig.so* \
- /usr/lib/libfreetype.so* \
- /usr/lib/libjpeg.so* \
- /usr/lib/libpq.so* \
- /usr/lib/libpython3.so* \
- /usr/lib/python3.10/lib-dynload/*.so \
- /usr/lib/python3.10/site-packages/*.so \
- /usr/lib/libX11.so* \
- /usr/lib/libXrender.so* \
- > to_copy \
- && xargs -a to_copy -I R ldd R \
- | tr -s '[:blank:]' '\n' \
- | grep '^/' \
- | sed 's/://' \
- | sort -u \
- | xargs cp -aL --parents -t /newroot/ \
- && xargs -a to_copy cp -a --parents -t /newroot/
-
-# Copy Python libraries.
-RUN cp -a --parents \
- /usr/lib/python3.10/ \
- /newroot
-
-COPY --from=wkhtmltopdf /bin/wkhtmltopdf /newroot/bin/wkhtmltopdf
-COPY ./entrypoint-scratch.sh /newroot/entrypoint.sh
-
-# Add odoo user.
-RUN echo 'odoo:x:1:1:::' >> /newroot/etc/passwd \
- && echo 'odoo:x:1:' >> /newroot/etc/group \
- && chown -R 1:1 /newroot/opt/odoo/ \
- && chmod 555 /newroot/entrypoint.sh \
- && mkdir /newroot/tmp \
- && chmod 1777 /newroot/tmp
-
-
-# Final image.
-FROM scratch
-
-COPY --from=build /newroot /
-
-# Mount /opt/odoo/data to allow restoring filestore.
-VOLUME ["/opt/odoo/data/"]
-
-# Expose Odoo services.
-EXPOSE 8069
-
-# Set default user when running the container.
-USER odoo
-
-# Start
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["odoo"]
-
-# Metadata
-LABEL org.label-schema.schema-version="16.0" \
- org.label-schema.vendor=LeFilament \
- org.label-schema.license=Apache-2.0 \
- org.label-schema.vcs-url="https://sources.le-filament.com/lefilament/odoo_docker"
diff --git a/16.0.Dockerfile b/16.0.Dockerfile
deleted file mode 100644
index 47306d9..0000000
--- a/16.0.Dockerfile
+++ /dev/null
@@ -1,138 +0,0 @@
-FROM python:3.10-slim-bullseye AS builder
-RUN set -x; \
- apt-get update &&\
- apt-get install -y --no-install-recommends build-essential libldap2-dev libpq-dev libsasl2-dev &&\
- pip install wheel &&\
- pip wheel --wheel-dir=/svc/wheels -r https://raw.githubusercontent.com/oca/OCB/16.0/requirements.txt &&\
- pip wheel --wheel-dir=/svc/wheels phonenumbers simplejson openupgradelib PyYAML
-
-
-FROM python:3.10-slim-bullseye AS final
-ENV LANG=C.UTF-8 \
- LC_ALL=C.UTF-8 \
- PGDATABASE=odoo
-
-RUN set -x; \
- apt-get update &&\
- apt-get install -y --no-install-recommends \
- curl \
- git \
- gnupg \
- openssh-client \
- xmlsec1 &&\
- echo 'deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main' >> /etc/apt/sources.list.d/postgresql.list &&\
- curl -SL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - &&\
- curl -o wkhtmltox.deb -SL https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox_0.12.6.1-2.bullseye_amd64.deb &&\
- echo 'cecbf5a6abbd68d324a7cd6c51ec843d71e98951 wkhtmltox.deb' | sha1sum -c - &&\
- apt-get update &&\
- apt-get install -y --no-install-recommends ./wkhtmltox.deb &&\
- apt-get install -y --no-install-recommends postgresql-client &&\
- apt-get -y autoremove &&\
- rm -rf /var/lib/apt/lists/* wkhtmltox.deb
-
-COPY --from=builder /svc /svc
-RUN pip3 install --no-index --find-links=/svc/wheels -r https://raw.githubusercontent.com/oca/OCB/16.0/requirements.txt &&\
- pip3 install --no-index --find-links=/svc/wheels phonenumbers simplejson openupgradelib PyYAML
-
-# Add Git Known Hosts
-COPY ./ssh_known_git_hosts /root/.ssh/known_hosts
-
-# Install Odoo and remove not French translations and .git directory to limit amount of data used by container
-RUN set -x; \
- useradd --create-home --home-dir /opt/odoo --no-log-init odoo &&\
- /bin/bash -c "mkdir -p /opt/odoo/{etc,odoo,additional_addons,private_addons,data,private}" &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/OCB.git /opt/odoo/odoo &&\
- rm -rf /opt/odoo/odoo/.git &&\
- find /opt/odoo/odoo/addons/*/i18n/ /opt/odoo/odoo/odoo/addons/base/i18n/ -type f -not -name 'fr.po' -delete &&\
- chown -R odoo:odoo /opt/odoo
-
-# Install Odoo OCA default dependencies - Commented modules do not exist yet
-RUN set -x; \
- mkdir -p /tmp/oca-repos/ &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/account-financial-reporting.git /tmp/oca-repos/account-financial-reporting &&\
- mv /tmp/oca-repos/account-financial-reporting/account_tax_balance /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/account-financial-tools.git /tmp/oca-repos/account-financial-tools &&\
-# mv /tmp/oca-repos/account-financial-tools/account_lock_date_update \
-# /tmp/oca-repos/account-financial-tools/account_move_name_sequence \
-# /tmp/oca-repos/account-financial-tools/account_reconcile_show_boolean \
-# /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/account-invoicing.git /tmp/oca-repos/account-invoicing &&\
-# mv /tmp/oca-repos/account-invoicing/sale_timesheet_invoice_description \
-# /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/account-reconcile.git /tmp/oca-repos/account-reconcile &&\
-# mv /tmp/oca-repos/account-reconcile/account_reconciliation_widget \
-# /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/bank-statement-import.git /tmp/oca-repos/bank-statement-import &&\
-# mv /tmp/oca-repos/bank-statement-import/account_statement_import \
-# /tmp/oca-repos/bank-statement-import/account_statement_import_ofx \
-# /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/crm.git /tmp/oca-repos/crm &&\
-# mv /tmp/oca-repos/crm/crm_stage_probability /opt/odoo/additional_addons/ &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/partner-contact.git /tmp/oca-repos/partner-contact &&\
- mv /tmp/oca-repos/partner-contact/partner_disable_gravatar \
- /tmp/oca-repos/partner-contact/partner_firstname \
- /opt/odoo/additional_addons/ &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/project.git /tmp/oca-repos/project &&\
-# mv /tmp/oca-repos/project/project_category \
-# /tmp/oca-repos/project/project_status \
- mv /tmp/oca-repos/project/project_task_default_stage \
- /tmp/oca-repos/project/project_template \
-# /tmp/oca-repos/project/project_timeline \
- /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/server-auth.git /tmp/oca-repos/server-auth &&\
-# mv /tmp/oca-repos/server-auth/password_security \
-# /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/server-brand.git /tmp/oca-repos/server-brand &&\
-# mv /tmp/oca-repos/server-brand/disable_odoo_online \
-# /tmp/oca-repos/server-brand/remove_odoo_enterprise \
-# /opt/odoo/additional_addons/ &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/server-tools.git /tmp/oca-repos/server-tools &&\
-# mv /tmp/oca-repos/server-tools/base_search_fuzzy \
- mv /tmp/oca-repos/server-tools/module_change_auto_install \
- /opt/odoo/additional_addons/ &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/server-ux.git /tmp/oca-repos/server-ux &&\
- mv /tmp/oca-repos/server-ux/base_technical_features \
- /tmp/oca-repos/server-ux/date_range \
-# /tmp/oca-repos/server-ux/mass_editing \
- /opt/odoo/additional_addons/ &&\
-# git clone -b 16.0 --depth 1 https://github.com/OCA/social.git /tmp/oca-repos/social &&\
-# mv /tmp/oca-repos/social/base_search_mail_content \
-# /tmp/oca-repos/social/mail_debrand \
-# /tmp/oca-repos/social/mail_tracking \
-# /opt/odoo/additional_addons/ &&\
- git clone -b 16.0 --depth 1 https://github.com/OCA/web.git /tmp/oca-repos/web &&\
- mv /tmp/oca-repos/web/web_environment_ribbon \
-# /tmp/oca-repos/web/web_responsive \
-# /tmp/oca-repos/web/web_no_bubble \
-# /tmp/oca-repos/web/web_timeline \
- /opt/odoo/additional_addons/ &&\
- rm -rf /tmp/oca-repos/ &&\
- find /opt/odoo/additional_addons/*/i18n/ -type f -not -name 'fr.po' -delete &&\
-# # Install Le Filament default dependency
-# git clone -b 16.0 --depth 1 https://sources.le-filament.com/lefilament/remove_login_links.git /opt/odoo/private_addons/remove_login_links &&\
-# git clone -b 16.0 --depth 1 https://sources.le-filament.com/lefilament/lefilament_release_agent.git /opt/odoo/private_addons/lefilament_release_agent &&\
- chown -R odoo:odoo /opt/odoo
-
-# Copy entrypoint script and Odoo configuration file
-COPY ./entrypoint.sh /
-COPY ./odoo.conf /opt/odoo/etc/odoo.conf
-RUN chown odoo:odoo /opt/odoo/etc/odoo.conf
-
-# Mount /opt/odoo/data to allow restoring filestore
-VOLUME ["/opt/odoo/data/"]
-
-# Expose Odoo services
-EXPOSE 8069
-
-# Set default user when running the container
-USER odoo
-
-# Start
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["odoo"]
-
-# Metadata
-LABEL org.label-schema.schema-version="16.0" \
- org.label-schema.vendor=LeFilament \
- org.label-schema.license=Apache-2.0 \
- org.label-schema.vcs-url="https://sources.le-filament.com/lefilament/odoo_docker"
diff --git a/entrypoint-scratch.sh b/entrypoint-scratch.sh
deleted file mode 100755
index d11e0b4..0000000
--- a/entrypoint-scratch.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/sh
-
-# set the postgres database host, port, user and password according to the environment
-# and pass them as arguments to the odoo process if not present in the config file
-: ${HOST:=${DB_PORT_5432_TCP_ADDR:='db'}}
-: ${PORT:=${DB_PORT_5432_TCP_PORT:=5432}}
-: ${USER:=${DB_ENV_POSTGRES_USER:=${POSTGRES_USER:='odoo'}}}
-: ${PASSWORD:=${DB_ENV_POSTGRES_PASSWORD:=${POSTGRES_PASSWORD:='odoo'}}}
-
-check_config() {
- param="$1"
- value="$2"
- if ! grep -q -E "^\s*\b${param}\b\s*=" /opt/odoo/etc/odoo.conf ; then
- DB_ARGS="${DB_ARGS} --${param} ${value}"
- fi;
-}
-
-unaccent_db() {
- /usr/bin/python3 -c "import psycopg2
-
-try:
- conn = psycopg2.connect(database='postgres', user='${USER}', password='${PASSWORD}', host='${HOST}', port='${PORT}')
-except:
- print('err: init: fail to connect to database')
- exit(11)
-
-cur = conn.cursor()
-try:
- cur.execute(\"SELECT datname FROM pg_database WHERE datname='${PGDATABASE}'\")
-except:
- print('err: init: fail to execute request')
- cur.close()
- conn.close()
- exit(12)
-
-if not cur.fetchall():
- cur.close()
- conn.close()
- exit(1)
-
-try:
- cur.execute('CREATE EXTENSION IF NOT EXISTS unaccent')
-except:
- print('err: init: fail to execute request')
- cur.close()
- conn.close()
- exit(13)
-
-conn.commit()
-cur.close()
-conn.close()
-exit(0)"
-
- return $?
-}
-
-DB_ARGS=''
-check_config "db_host" "$HOST"
-check_config "db_port" "$PORT"
-check_config "db_user" "$USER"
-check_config "db_password" "$PASSWORD"
-
-unaccent_db
-return_code=$?
-[ "$return_code" -gt 10 ] && exit 1
-if [ "$return_code" == 1 ]; then
- echo "info: init: database $PGDATABASE does not exist"
- DB_ARGS="${DB_ARGS} --load-language fr_FR"
-fi
-
-case "$1" in
- -- | odoo)
- shift
- if [[ "$1" == "scaffold" ]] ; then
- exec /opt/odoo/odoo/odoo-bin -c /opt/odoo/etc/odoo.conf "$@"
- else
- exec /opt/odoo/odoo/odoo-bin -c /opt/odoo/etc/odoo.conf "$@" ${DB_ARGS}
- fi
- ;;
- -*)
- exec /opt/odoo/odoo/odoo-bin -c /opt/odoo/etc/odoo.conf "$@" ${DB_ARGS}
- ;;
- *)
- exec "$@"
-esac
-
-exit 1
diff --git a/security_analysis16.txt b/security_analysis16.txt
deleted file mode 100644
index 7c0420e..0000000
--- a/security_analysis16.txt
+++ /dev/null
@@ -1,522 +0,0 @@
-/mnt/REMI_DATA2/filodoo16.tar (debian 11.4)
-
-Total: 133 (UNKNOWN: 0, LOW: 101, MEDIUM: 3, HIGH: 25, CRITICAL: 4)
-
-┌───────────────────┬──────────────────┬──────────┬─────────────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
-│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ apt │ CVE-2011-3374 │ LOW │ 2.2.4 │ │ It was found that apt-key in apt, all versions, do not │
-│ │ │ │ │ │ correctly... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3374 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ bsdutils │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ coreutils │ CVE-2016-2781 │ │ 8.32-4 │ │ coreutils: Non-privileged session can escape to the parent │
-│ │ │ │ │ │ session in chroot │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-2781 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-18018 │ │ │ │ coreutils: race condition vulnerability in chown and chgrp │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-18018 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ curl │ CVE-2021-22922 │ │ 7.74.0-1.3+deb11u2 │ │ curl: Content not matching hash in Metalink is not being │
-│ │ │ │ │ │ discarded │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22922 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-22923 │ │ │ │ curl: Metalink download sends credentials │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22923 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ e2fsprogs │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ git │ CVE-2022-24765 │ │ 1:2.30.2-1 │ │ git: On multi-user machines Git users might find themselves │
-│ │ │ │ │ │ unexpectedly in a... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24765 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-29187 │ │ │ │ git: Bypass of safe.directory protections │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29187 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-1000021 │ LOW │ │ │ git: client prints server-sent ANSI escape codes to the │
-│ │ │ │ │ │ terminal, allowing for... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-1000021 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-24975 │ │ │ │ git: The --mirror option for git leaks secret for deleted │
-│ │ │ │ │ │ content, aka... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24975 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ git-man │ CVE-2022-24765 │ HIGH │ │ │ git: On multi-user machines Git users might find themselves │
-│ │ │ │ │ │ unexpectedly in a... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24765 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-29187 │ │ │ │ git: Bypass of safe.directory protections │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29187 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-1000021 │ LOW │ │ │ git: client prints server-sent ANSI escape codes to the │
-│ │ │ │ │ │ terminal, allowing for... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-1000021 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-24975 │ │ │ │ git: The --mirror option for git leaks secret for deleted │
-│ │ │ │ │ │ content, aka... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24975 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libapt-pkg6.0 │ CVE-2011-3374 │ │ 2.2.4 │ │ It was found that apt-key in apt, all versions, do not │
-│ │ │ │ │ │ correctly... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3374 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libblkid1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libc-bin │ CVE-2021-3999 │ HIGH │ 2.31-13+deb11u3 │ │ glibc: Off-by-one buffer overflow/underflow in getcwd() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-4756 │ LOW │ │ │ glibc: glob implementation can cause excessive CPU and │
-│ │ │ │ │ │ memory consumption due to... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4756 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-20796 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20796 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010022 │ │ │ │ glibc: stack guard protection bypass │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010022 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010023 │ │ │ │ glibc: running ldd on malicious ELF leads to code execution │
-│ │ │ │ │ │ because of... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010023 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010024 │ │ │ │ glibc: ASLR bypass using cache of thread stack and heap │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010024 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010025 │ │ │ │ glibc: information disclosure of heap addresses of │
-│ │ │ │ │ │ pthread_created thread │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010025 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-9192 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-9192 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libc6 │ CVE-2021-3999 │ HIGH │ │ │ glibc: Off-by-one buffer overflow/underflow in getcwd() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-3999 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-4756 │ LOW │ │ │ glibc: glob implementation can cause excessive CPU and │
-│ │ │ │ │ │ memory consumption due to... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4756 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-20796 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20796 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010022 │ │ │ │ glibc: stack guard protection bypass │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010022 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010023 │ │ │ │ glibc: running ldd on malicious ELF leads to code execution │
-│ │ │ │ │ │ because of... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010023 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010024 │ │ │ │ glibc: ASLR bypass using cache of thread stack and heap │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010024 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-1010025 │ │ │ │ glibc: information disclosure of heap addresses of │
-│ │ │ │ │ │ pthread_created thread │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010025 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-9192 │ │ │ │ glibc: uncontrolled recursion in function │
-│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-9192 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libcom-err2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libcurl3-gnutls │ CVE-2021-22922 │ LOW │ 7.74.0-1.3+deb11u2 │ │ curl: Content not matching hash in Metalink is not being │
-│ │ │ │ │ │ discarded │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22922 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-22923 │ │ │ │ curl: Metalink download sends credentials │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22923 │
-├───────────────────┼──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libcurl4 │ CVE-2021-22922 │ │ │ │ curl: Content not matching hash in Metalink is not being │
-│ │ │ │ │ │ discarded │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22922 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-22923 │ │ │ │ curl: Metalink download sends credentials │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-22923 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libdb5.3 │ CVE-2019-8457 │ CRITICAL │ 5.3.28+dfsg1-0.8 │ │ sqlite: heap out-of-bound read in function rtreenode() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libexpat1 │ CVE-2013-0340 │ LOW │ 2.2.10-2+deb11u3 │ │ expat: internal entity expansion │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-0340 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libext2fs2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libfreetype6 │ CVE-2022-31782 │ LOW │ 2.10.4+dfsg-1+deb11u1 │ │ ftbench.c in FreeType Demo Programs through 2.12.1 has a │
-│ │ │ │ │ │ heap-based bu ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-31782 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libgcrypt20 │ CVE-2021-33560 │ HIGH │ 1.8.7-6 │ │ libgcrypt: mishandles ElGamal encryption because it lacks │
-│ │ │ │ │ │ exponent blinding to address a... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33560 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-6829 │ LOW │ │ │ libgcrypt: ElGamal implementation doesn't have semantic │
-│ │ │ │ │ │ security due to incorrectly encoded plaintexts... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6829 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libgnutls30 │ CVE-2022-2509 │ HIGH │ 3.7.1-5+deb11u1 │ 3.7.1-5+deb11u2 │ gnutls: Double free during gnutls_pkcs7_verify. │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2509 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-3389 │ LOW │ │ │ HTTPS: block-wise chosen-plaintext attack against SSL/TLS │
-│ │ │ │ │ │ (BEAST) │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3389 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libgssapi-krb5-2 │ CVE-2004-0971 │ │ 1.18.3-6+deb11u1 │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libjpeg62-turbo │ CVE-2021-46822 │ MEDIUM │ 1:2.0.6-4 │ │ libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in │
-│ │ │ │ │ │ rdppm.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-46822 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libk5crypto3 │ CVE-2004-0971 │ LOW │ 1.18.3-6+deb11u1 │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libkrb5-3 │ CVE-2004-0971 │ │ │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libkrb5support0 │ CVE-2004-0971 │ │ │ │ security flaw │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2004-0971 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-5709 │ │ │ │ krb5: integer overflow in dbentry->n_key_data in │
-│ │ │ │ │ │ kadmin/dbutil/dump.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libldap-2.4-2 │ CVE-2015-3276 │ │ 2.4.57+dfsg-3+deb11u1 │ │ openldap: incorrect multi-keyword mode cipherstring parsing │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2015-3276 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-14159 │ │ │ │ openldap: Privilege escalation via PID file manipulation │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-14159 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-17740 │ │ │ │ openldap: contrib/slapd-modules/nops/nops.c attempts to free │
-│ │ │ │ │ │ stack buffer allowing remote attackers to cause... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-17740 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-15719 │ │ │ │ openldap: Certificate validation incorrectly matches name │
-│ │ │ │ │ │ against CN-ID │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-15719 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libmount1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libncursesw6 │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libpcre2-8-0 │ CVE-2022-1586 │ CRITICAL │ 10.36-2 │ │ pcre2: Out-of-bounds read in compile_xclass_matchingpath in │
-│ │ │ │ │ │ pcre2_jit_compile.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1586 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-1587 │ │ │ │ pcre2: Out-of-bounds read in get_recurse_data_length in │
-│ │ │ │ │ │ pcre2_jit_compile.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1587 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libpcre3 │ CVE-2017-11164 │ LOW │ 2:8.39-13 │ │ pcre: OP_KETRMAX feature in the match function in │
-│ │ │ │ │ │ pcre_exec.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-11164 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-16231 │ │ │ │ pcre: self-recursive call in match() in pcre_exec.c leads to │
-│ │ │ │ │ │ denial of service... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-16231 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-7245 │ │ │ │ pcre: stack-based buffer overflow write in │
-│ │ │ │ │ │ pcre32_copy_substring │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-7245 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2017-7246 │ │ │ │ pcre: stack-based buffer overflow write in │
-│ │ │ │ │ │ pcre32_copy_substring │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-7246 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-20838 │ │ │ │ pcre: Buffer over-read in JIT when UTF is disabled and \X │
-│ │ │ │ │ │ or... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-20838 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libperl5.32 │ CVE-2020-16156 │ HIGH │ 5.32.1-4+deb11u2 │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libpng16-16 │ CVE-2019-6129 │ │ 1.6.37-3 │ │ libpng: memory leak of png_info struct in pngcp.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-6129 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-4214 │ │ │ │ libpng: hardcoded value leads to heap-overflow │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-4214 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsepol1 │ CVE-2021-36084 │ │ 3.1-1 │ │ libsepol: use-after-free in __cil_verify_classperms() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36084 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36085 │ │ │ │ libsepol: use-after-free in __cil_verify_classperms() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36085 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36086 │ │ │ │ libsepol: use-after-free in cil_reset_classpermission() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36086 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36087 │ │ │ │ libsepol: heap-based buffer overflow in ebitmap_match_any() │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36087 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsmartcols1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsqlite3-0 │ CVE-2021-45346 │ MEDIUM │ 3.34.1-3 │ │ sqlite: crafted SQL query allows a malicious user to obtain │
-│ │ │ │ │ │ sensitive information... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-45346 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36690 │ LOW │ │ │ ** DISPUTED ** A segmentation fault can occur in the │
-│ │ │ │ │ │ sqlite3.exe comma... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36690 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2022-35737 │ │ │ │ sqlite: assertion failure via query when compiled with │
-│ │ │ │ │ │ -DSQLITE_ENABLE_STAT4 │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-35737 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libss2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libssl1.1 │ CVE-2022-2097 │ │ 1.1.1n-0+deb11u3 │ │ openssl: AES OCB fails to encrypt some bytes │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-6755 │ LOW │ │ │ Dual_EC_DRBG: weak pseudo random number generator │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-6755 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-0928 │ │ │ │ openssl: RSA authentication weakness │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-0928 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libsystemd0 │ CVE-2013-4392 │ │ 247.3-7 │ │ systemd: TOCTOU race condition when updating file │
-│ │ │ │ │ │ permissions and SELinux security contexts... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4392 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-13529 │ │ │ │ systemd: DHCP FORCERENEW authentication not implemented can │
-│ │ │ │ │ │ cause a system running the... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-13529 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libtinfo6 │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libudev1 │ CVE-2013-4392 │ │ 247.3-7 │ │ systemd: TOCTOU race condition when updating file │
-│ │ │ │ │ │ permissions and SELinux security contexts... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4392 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-13529 │ │ │ │ systemd: DHCP FORCERENEW authentication not implemented can │
-│ │ │ │ │ │ cause a system running the... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-13529 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libuuid1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libxml2 │ CVE-2016-3709 │ MEDIUM │ 2.9.10+dfsg-6.7+deb11u2 │ │ libxml: Incorrect server side include parsing can lead to │
-│ │ │ │ │ │ XSS │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-3709 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ libxslt1.1 │ CVE-2021-30560 │ HIGH │ 1.1.34-4 │ │ Use after free in Blink XSLT in Google Chrome prior to │
-│ │ │ │ │ │ 91.0.4472.164... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-30560 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2015-9019 │ LOW │ │ │ libxslt: math.random() in xslt uses unseeded randomness │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2015-9019 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ login │ CVE-2007-5686 │ │ 1:4.8.1-1 │ │ initscripts in rPath Linux 1 sets insecure permissions for │
-│ │ │ │ │ │ the /var/lo ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-5686 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2013-4235 │ │ │ │ shadow-utils: TOCTOU race conditions by copying and removing │
-│ │ │ │ │ │ directory trees │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4235 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-19882 │ │ │ │ shadow-utils: local users can obtain root access because │
-│ │ │ │ │ │ setuid programs are misconfigured... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19882 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ logsave │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ mount │ CVE-2022-0563 │ LOW │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ ncurses-base │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ ncurses-bin │ CVE-2022-29458 │ HIGH │ │ │ ncurses: segfaulting OOB read │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-39537 │ LOW │ │ │ ncurses: heap-based buffer overflow in _nc_captoinfo() in │
-│ │ │ │ │ │ captoinfo.c │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-39537 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ openssh-client │ CVE-2021-41617 │ HIGH │ 1:8.4p1-5+deb11u1 │ │ openssh: privilege escalation when AuthorizedKeysCommand or │
-│ │ │ │ │ │ AuthorizedPrincipalsCommand are configured │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-41617 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-2243 │ LOW │ │ │ OpenSSH 4.6 and earlier, when │
-│ │ │ │ │ │ ChallengeResponseAuthentication is enabl ... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-2243 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-2768 │ │ │ │ OpenSSH, when using OPIE (One-Time Passwords in Everything) │
-│ │ │ │ │ │ for PAM, a ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-2768 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2008-3234 │ │ │ │ sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 │
-│ │ │ │ │ │ OpenSSH snapsh... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2008-3234 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2016-20012 │ │ │ │ openssh: Public key information leak │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-20012 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-15919 │ │ │ │ openssh: User enumeration via malformed packets in │
-│ │ │ │ │ │ authentication requests │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-15919 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-6110 │ │ │ │ openssh: Acceptance and display of arbitrary stderr allows │
-│ │ │ │ │ │ for spoofing of scp... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-6110 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-14145 │ │ │ │ openssh: Observable discrepancy leading to an information │
-│ │ │ │ │ │ leak in the algorithm negotiation... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-14145 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2020-15778 │ │ │ │ openssh: scp allows command injection when using backtick │
-│ │ │ │ │ │ characters in the destination... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-15778 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-36368 │ │ │ │ openssh: possible bypass of fido 2 devices and ssh-askpass │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36368 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ openssl │ CVE-2022-2097 │ HIGH │ 1.1.1n-0+deb11u3 │ │ openssl: AES OCB fails to encrypt some bytes │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2097 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2007-6755 │ LOW │ │ │ Dual_EC_DRBG: weak pseudo random number generator │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-6755 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2010-0928 │ │ │ │ openssl: RSA authentication weakness │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-0928 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ passwd │ CVE-2007-5686 │ │ 1:4.8.1-1 │ │ initscripts in rPath Linux 1 sets insecure permissions for │
-│ │ │ │ │ │ the /var/lo ...... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-5686 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2013-4235 │ │ │ │ shadow-utils: TOCTOU race conditions by copying and removing │
-│ │ │ │ │ │ directory trees │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4235 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-19882 │ │ │ │ shadow-utils: local users can obtain root access because │
-│ │ │ │ │ │ setuid programs are misconfigured... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19882 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ patch │ CVE-2010-4651 │ │ 2.7.6-7 │ │ patch: directory traversal flaw allows for arbitrary file │
-│ │ │ │ │ │ creation │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4651 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-6951 │ │ │ │ patch: NULL pointer dereference in pch.c:intuit_diff_type() │
-│ │ │ │ │ │ causes a crash │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6951 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2018-6952 │ │ │ │ patch: Double free of memory in pch.c:another_hunk() causes │
-│ │ │ │ │ │ a crash │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6952 │
-│ ├──────────────────┤ │ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2021-45261 │ │ │ │ patch: Invalid Pointer via another_hunk function │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-45261 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ perl │ CVE-2020-16156 │ HIGH │ 5.32.1-4+deb11u2 │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ perl-base │ CVE-2020-16156 │ HIGH │ │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ perl-modules-5.32 │ CVE-2020-16156 │ HIGH │ │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
-│ │ │ │ │ │ files │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
-│ ├──────────────────┼──────────┤ ├─────────────────┼──────────────────────────────────────────────────────────────┤
-│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ tar │ CVE-2005-2541 │ │ 1.34+dfsg-1 │ │ tar: does not properly warn the user when extracting setuid │
-│ │ │ │ │ │ or setgid... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2005-2541 │
-├───────────────────┼──────────────────┤ ├─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ util-linux │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
-│ │ │ │ │ │ and chsh when compiled... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
-├───────────────────┼──────────────────┼──────────┼─────────────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
-│ zlib1g │ CVE-2022-37434 │ CRITICAL │ 1:1.2.11.dfsg-2+deb11u1 │ │ zlib: a heap-based buffer over-read or buffer overflow in │
-│ │ │ │ │ │ inflate in inflate.c... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
-└───────────────────┴──────────────────┴──────────┴─────────────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘
-2022-08-16T16:05:58.395+0200 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
-
-Python (python-pkg)
-
-Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 1)
-
-┌─────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
-│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
-├─────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
-│ PyPDF2 (METADATA) │ CVE-2022-24859 │ MEDIUM │ 1.26.0 │ 1.27.5 │ PyPDF2: infinite loop vulnerability │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-24859 │
-├─────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
-│ Werkzeug (METADATA) │ CVE-2022-29361 │ CRITICAL │ 2.0.2 │ 2.1.1 │ ** DISPUTED ** Improper parsing of HTTP requests in Pallets │
-│ │ │ │ │ │ Werkzeug v2.1.0... │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29361 │
-├─────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
-│ lxml (METADATA) │ CVE-2022-2309 │ HIGH │ 4.6.5 │ 4.9.1 │ lxml: NULL Pointer Dereference in lxml │
-│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-2309 │
-└─────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
-
-/opt/odoo/odoo/addons/point_of_sale/tools/posbox/overwrite_after_init/etc/ssl/private/nginx-cert.key (secrets)
-
-Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
-
-HIGH: AsymmetricPrivateKey (private-key)
-═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
-Asymmetric Private Key
-─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- /opt/odoo/odoo/addons/point_of_sale/tools/posbox/overwrite_after_init/etc/ssl/private/nginx-cert.key:1 (deleted in the intermediate layer)
-─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
- 1 [ -----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----
- 2
-─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
--
GitLab