confluentinc / kafka-images

Confluent Docker images for Apache Kafka
Apache License 2.0

Vulnerability issue with 6.2.8 cp images CVE-2022-47629 #207

Open cedricAI23 opened 1 year ago

cedricAI23 commented 1 year ago

The following images are showing as vulnerable to CVE-2022-47629 for 6.2.8. Please provide a resolution.

cp-kafka-connect
cp-kafka
cp-zookeeper
cp-schema-registry

trivy image 323640293338.dkr.ecr.us-east-2.amazonaws.com/cp-kafka-connect:6.2.8-arthur-1 | grep CVE-2022-47629

2023-03-02T09:52:46.390-0500 INFO Need to update DB
2023-03-02T09:52:46.390-0500 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2023-03-02T09:52:46.390-0500 INFO Downloading DB...
35.83 MiB / 35.83 MiB [-----------------------------] 100.00% 18.12 MiB p/s 2.2s
2023-03-02T09:52:49.855-0500 INFO Vulnerability scanning is enabled
2023-03-02T09:52:49.855-0500 INFO Secret scanning is enabled
2023-03-02T09:52:49.855-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-03-02T09:52:49.855-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-03-02T09:52:54.798-0500 INFO Detected OS: redhat
2023-03-02T09:52:54.798-0500 INFO Detecting RHEL/CentOS vulnerabilities...
2023-03-02T09:52:54.829-0500 INFO Number of language-specific files: 2
2023-03-02T09:52:54.829-0500 INFO Detecting jar vulnerabilities...
2023-03-02T09:52:54.848-0500 INFO Detecting python-pkg vulnerabilities...
2023-03-02T09:52:54.881-0500 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
│ libksba │ CVE-2022-47629 │ HIGH │ 1.3.5-8.el8_6 │ 1.3.5-9.el8_7 │ libksba: integer overflow to code execution
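One way to turn the manual trivy-and-grep check above into a repeatable admission gate, as an added example that is not part of this issue or of the kafka-images project: it parses a constructed `trivy image --format json` report (key names follow trivy's JSON schema as assumed here), reports installed versus fixed version for the CVE in question, and rejects the image while the fix is absent.

```python
import json

# Constructed sample of `trivy image --format json` output, trimmed to the
# finding reported in the issue. Key names follow trivy's JSON schema (v2) as
# assumed here; CVE-0000-0000 is a placeholder entry with no published fix.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "cp-kafka-connect:6.2.8",
    "Results": [
        {"Target": "cp-kafka-connect:6.2.8 (redhat 8.6)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2022-47629", "PkgName": "libksba",
              "InstalledVersion": "1.3.5-8.el8_6", "FixedVersion": "1.3.5-9.el8_7",
              "Severity": "HIGH",
              "Title": "libksba: integer overflow to code execution"},
             {"VulnerabilityID": "CVE-0000-0000", "PkgName": "examplepkg",
              "InstalledVersion": "1.0-1", "Severity": "LOW"}]},
        # A clean language-package target: no "Vulnerabilities" key at all.
        {"Target": "Java", "Class": "lang-pkgs"},
    ],
})


def find_cves(report_json, wanted):
    """Return one dict per finding whose ID is in `wanted`. Targets without a
    "Vulnerabilities" key and findings without "FixedVersion" (no fix published
    yet, so fixed is None) are handled rather than raising."""
    report = json.loads(report_json)
    wanted = {c.upper() for c in wanted}
    hits = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            if v.get("VulnerabilityID", "").upper() in wanted:
                hits.append({"target": result.get("Target"),
                             "cve": v["VulnerabilityID"], "package": v.get("PkgName"),
                             "installed": v.get("InstalledVersion"),
                             "fixed": v.get("FixedVersion"), "severity": v.get("Severity")})
    return hits


def gate(report_json, blocked):
    """Admission check for a registry or CI pipeline: reject the image if any
    blocked CVE is present. Returns (accepted, messages), one message per hit
    stating whether a fixed package version exists to rebuild against."""
    msgs = []
    for h in find_cves(report_json, blocked):
        fix = f"update {h['package']} to {h['fixed']}" if h["fixed"] else "no fixed version published"
        msgs.append(f"{h['cve']} {h['severity']} in {h['package']} {h['installed']} ({h['target']}): {fix}")
    return (not msgs, msgs)
```

Run `gate(open("report.json").read(), ["CVE-2022-47629"])` on a real `trivy image --format json -o report.json <image>` report to get the same verdict for any image.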

janjwerner-confluent commented 1 year ago

Hello @cedricAI23, we expect to resolve this issue in the upcoming quarterly patch release.

cedricAI23 commented 1 year ago

Thank you! What is the date for the quarterly patch release?

janjwerner-confluent commented 1 year ago

@cedricAI23 Quarterly patch releases happen around the end of every quarter, so the upcoming one is expected at the end of March.