sfowl/4.2.z

## 4.2.z
$ # OCP 4.2.z bugs
$ bugzilla --ensure-logged-in query --json --from-url
"buglist.cgi?product=OpenShift%20Container%20Platform&keywords=SecurityTracking&limit=50&bug_severity=high&bug_severity=urgent&target_release=4.2.z" | jq -r '.bugs[].summary' | sort -u | tee /tmp/all-4.2.z-trackers
CVE-2018-12207 machine-os-content-container: hw: Machine Check Error on Page Size Change (IPU) [openshift-4.2.z]
CVE-2019-10431 jenkins-2-plugins: jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin [openshift-4.2.z]
CVE-2019-10746 kibana: nodejs-mixin-deep: prototype pollution in function mixin-deep [openshift-4.2-default]
CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]
CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]
CVE-2019-9512 CVE-2019-9514 apb: various flaws [openshift-4.2]
CVE-2019-9512 CVE-2019-9514 containernetworking-plugins: various flaws [openshift-4.2]
CVE-2019-9512 CVE-2019-9514 golang-github-prometheus-promu: various flaws [openshift-4.2.z]
CVE-2020-10696 openshift-enterprise-builder-container: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]
CVE-2020-10696 podman: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]
CVE-2020-10712 ose-cluster-image-registry-operator-container: openshift/cluster-image-registry-operator: secrets disclosed in logs [openshift-4.2.z]
CVE-2020-2099 CVE-2020-2100 CVE-2020-2101 CVE-2020-2102 CVE-2020-2103 CVE-2020-2104 CVE-2020-2105 jenkins: various flaws [openshift-4.3.z]
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]
CVE-2020-8608 slirp4netns: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [openshift-4.2.z]
EMBARGOED CVE-2020-8555 openshift-enterprise-hyperkube-container: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [openshift-4.2.z]

$ # Recent bugs fixed in errata
$ bugzilla --ensure-logged-in query --json --from-url "buglist.cgi?product=OpenShift%20Container%20Platform&keywords=SecurityTracking&limit=50&status=CLOSED&resolution=ERRATA&bug_severity=high&bug_severity=urgent&chfieldfrom=2020-09-01&chfieldto=Now" | jq -r '.bugs[].summary' | sed 's/\[openshift.*//' | sort -u | tee /tmp/recent-bugs
CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws
CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws
CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities
CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws
CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws

$ # Compare
$ grep -F -f /tmp/recent-bugs /tmp/all-4.2.z-trackers
CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]
CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]
CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]
CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]


There's 4.2.z bugs for each of these already, except for CVE-2020-14336 which is actually a
Low (looks like Eng raised the tracker severity, but that's different from the flaw impact).
	$ # OCP 4.2.z bugs
	$ bugzilla --ensure-logged-in query --json --from-url
	"buglist.cgi?product=OpenShift%20Container%20Platform&keywords=SecurityTracking&limit=50&bug_severity=high&bug_severity=urgent&target_release=4.2.z" \| jq -r '.bugs[].summary' \| sort -u \| tee /tmp/all-4.2.z-trackers
	CVE-2018-12207 machine-os-content-container: hw: Machine Check Error on Page Size Change (IPU) [openshift-4.2.z]
	CVE-2019-10431 jenkins-2-plugins: jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin [openshift-4.2.z]
	CVE-2019-10746 kibana: nodejs-mixin-deep: prototype pollution in function mixin-deep [openshift-4.2-default]
	CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]
	CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]
	CVE-2019-9512 CVE-2019-9514 apb: various flaws [openshift-4.2]
	CVE-2019-9512 CVE-2019-9514 containernetworking-plugins: various flaws [openshift-4.2]
	CVE-2019-9512 CVE-2019-9514 golang-github-prometheus-promu: various flaws [openshift-4.2.z]
	CVE-2020-10696 openshift-enterprise-builder-container: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]
	CVE-2020-10696 podman: buildah: crafted input tar file may lead to local file overwriting during image build process [openshift-4.2.z]
	CVE-2020-10712 ose-cluster-image-registry-operator-container: openshift/cluster-image-registry-operator: secrets disclosed in logs [openshift-4.2.z]
	CVE-2020-2099 CVE-2020-2100 CVE-2020-2101 CVE-2020-2102 CVE-2020-2103 CVE-2020-2104 CVE-2020-2105 jenkins: various flaws [openshift-4.3.z]
	CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]
	CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: various flaws [openshift-4.2.z]
	CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]
	CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]
	CVE-2020-8608 slirp4netns: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [openshift-4.2.z]
	EMBARGOED CVE-2020-8555 openshift-enterprise-hyperkube-container: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [openshift-4.2.z]

	$ # Recent bugs fixed in errata
	$ bugzilla --ensure-logged-in query --json --from-url "buglist.cgi?product=OpenShift%20Container%20Platform&keywords=SecurityTracking&limit=50&status=CLOSED&resolution=ERRATA&bug_severity=high&bug_severity=urgent&chfieldfrom=2020-09-01&chfieldto=Now" \| jq -r '.bugs[].summary' \| sed 's/\[openshift.*//' \| sort -u \| tee /tmp/recent-bugs
	CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws
	CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws
	CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets
	CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities
	CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws
	CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws

	$ # Compare
	$ grep -F -f /tmp/recent-bugs /tmp/all-4.2.z-trackers
	CVE-2019-16538 CVE-2020-2109 CVE-2020-2110 CVE-2020-2111 CVE-2020-2134 CVE-2020-2135 CVE-2020-2136 jenkins-2-plugins: various flaws [openshift-4.2.z]
	CVE-2019-17638 CVE-2020-2229 CVE-2020-2230 CVE-2020-2231 jenkins: various flaws [openshift-4.2.z]
	CVE-2020-2160 CVE-2020-2161 CVE-2020-2162 CVE-2020-2163 jenkins: multiple vulnerabilities [openshift-4.2.z]
	CVE-2020-2220 CVE-2020-2221 CVE-2020-2222 CVE-2020-2223 jenkins: various flaws [openshift-4.2.z]
	CVE-2020-2224 CVE-2020-2225 CVE-2020-2226 jenkins-2-plugins: various flaws [openshift-4.2.z]


	There's 4.2.z bugs for each of these already, except for CVE-2020-14336 which is actually a
	Low (looks like Eng raised the tracker severity, but that's different from the flaw impact).