aquasecurity / trivy-db

Apache License 2.0

Fix issue 380 #381

Closed mpoindexter closed 6 months ago

mpoindexter commented 7 months ago

Fix for https://github.com/aquasecurity/trivy-db/issues/380

Zircon99 commented 6 months ago

Hi, do we have an ETA for when this will be ready? We have a pipeline dependent on this currently.

Thanks

knqyf263 commented 6 months ago

@mpoindexter Do you have time? If not, we'll take it over.

mpoindexter commented 6 months ago

Updated the PR to set the fix version to blank as requested

knqyf263 commented 6 months ago

Thanks for your contribution!

Zircon99 commented 6 months ago

Hi there. I am new to this - could you kindly assist with the issue I am having?

On 7 February 2024, we ran our pipeline, with Docker installing this version via apt-get - "libgnutls30=3.7.1-5+deb11u3". It worked fine.

On 15 February 2024 we ran the same pipeline with the same settings, and it failed with exit code 100. I presume now that this means that the version tag "3.7.1-5+deb11u3" does not exist anymore - is that correct?

I consequently used this thread to determine what would be the correct version tag to use: https://avd.aquasec.com/nvd/2024/cve-2024-0567/

I tried "libgnutls30=3.7.1-5+deb11u4" - it does appear to install this version; however, Trivy flags a vulnerability.

I then tried "libgnutls30=3.7.1-5+deb11u5" - exit code 100 - it does not appear that this version currently exists? In this context I am somewhat new to this - could you kindly explain if/when this will be ready for us, and will effectively address the above vulnerability?

Finally, I do see mention made of libgnutls28 instead of 30 in various threads and instances. Is it correct for me to use "libgnutls30=3.7.1-5+deb11u5" or "libgnutls28=3.7.1-5+deb11u5" - note the difference 28/30?

Thank you