alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

pcre2 vulnerability (CVE-2022-1586 & CVE-2022-1587) #259

Open AndreiMuresan opened 2 years ago

AndreiMuresan commented 2 years ago

The updated package (10.40-r0) is already available in https://pkgs.alpinelinux.org/packages?name=pcre2&branch=v3.16 https://pkgs.alpinelinux.org/packages?name=pcre2&branch=v3.15

Jandrov commented 2 years ago

It seems that some images based on alpine, like the nginx ones, are still reporting the vulnerability. And in https://github.com/nginxinc/docker-nginx/issues/671#issuecomment-1160130153 it is mentioned that for their images to be automatically rebuilt, we would need the alpine ones to be published again. Last push was one month ago (https://hub.docker.com/_/alpine?tab=tags). When is it expected to happen again?

Khazii commented 2 years ago

Bump! This is unfortunately blocking us. Is there anything any of us can do to speed this along? Is it just a literal case of the Alpine Image being rebuilt? Thanks!

namevic commented 2 years ago

New image created, 10.40 already there.

Khazii commented 2 years ago

Cool, you're right. I was mistakenly waiting for the image tag date to update. Thanks! Sorted for me.