{"affected":[{"ecosystem_specific":{"binaries":[{"helm-mirror":"0.2.1-1.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 15 SP1","name":"helm-mirror","purl":"pkg:rpm/suse/helm-mirror&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.1-1.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for helm-mirror to version 0.2.1 fixes the following issues:\n\n\nSecurity issues fixed:\n\n- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)\n- CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc#1118898)\n- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)\n\nNon-security issue fixed:\n\n- Update to v0.2.1 (bsc#1120762)\n- Include helm-mirror into the containers module (bsc#1116182)\n","id":"SUSE-SU-2019:0048-2","modified":"2019-07-04T12:26:14Z","published":"2019-07-04T12:26:14Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190048-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116182"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118897"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118898"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16874"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16875"}],"related":["CVE-2018-16873","CVE-2018-16874","CVE-2018-16875"],"summary":"Security update for helm-mirror","upstream":["CVE-2018-16873","CVE-2018-16874","CVE-2018-16875"]}