debuerreotype / docker-debian-artifacts

Official builds of debuerreotype-generated Debian tarballs for use in Docker
https://docker.debian.net
Apache License 2.0

Debian CVE vulnerabilities. #148

Closed Saikumarn78 closed 2 years ago

Saikumarn78 commented 2 years ago

Hi,

The Debian Docker images in the recent scan reported the attached CVE OS vulnerabilities. I am attaching the list and hoping that they will be taken care of in the upcoming releases, or are they already being fixed?

Mariadb Debian image CVE.xlsx

tianon commented 2 years ago

I haven't looked at your attachment, but my general answer is going to be something along the lines of https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves -- I would suggest looking up each of the CVEs you care about on https://security-tracker.debian.org/tracker/ to see what the Debian Security Team has to say about them already.

stappersg commented 2 years ago

On Tue, Jan 04, 2022 at 04:13:13PM -0800, Tianon Gravi wrote:

Closed #148.

Idea: Re-open it, so it can prevent (hopefully) similar requests ...

tianon commented 2 years ago

@stappersg yeah, that's not a bad idea, although these types of issues aren't nearly as common in this repository as they are elsewhere -- I think if we get more of them over time that's something we should consider :+1: