debuerreotype / docker-debian-artifacts

Official builds of debuerreotype-generated Debian tarballs for use in Docker
https://docker.debian.net
Apache License 2.0

CVE-2021-46848 on libtasn1-6 of the bullseye-20221004-slim image #185

Closed robsonpeixoto closed 1 year ago

robsonpeixoto commented 1 year ago

Are there plans to release a new version of the image? The https://github.com/aquasecurity/trivy detected a security problem on libtasn1-6 on bullseye-20221004-slim image.

tianon commented 1 year ago

bullseye-20221004-slim is two months old :grimacing:

The latest serial I've built is 20221205 (but there was a release this weekend that I'll likely be rebuilding again soon to incorporate).

robsonpeixoto commented 1 year ago

bullseye-20221205-slim is using the version 4.16.0-2 and the security fix was released on 4.16.0-2+deb11u1.

```
❯ docker run --rm -it debian:bullseye-20221205-slim
root@c1f32477eeb3:/# dpkg -l | grep libtasn1-6
ii  libtasn1-6:amd64        4.16.0-2                     amd64        Manage ASN.1 structures (runtime)
```

Sorry, I forgot to report it.
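Added example (not part of the original thread or the project's code): a check of whether the `dpkg -l` line quoted above is older than the fixed version 4.16.0-2+deb11u1, using a simplified reimplementation of Debian's version ordering. The function names are hypothetical and the code assumes ASCII version strings.

```python
DIGITS = "0123456789"

def _order(c):
    # Sort weight of one character: '~' sorts before everything, even end of string.
    if c == "~":
        return -1
    if c == "" or c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings: alternate non-digit and digit runs.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            d = _order(a[i] if i < len(a) else "") - _order(b[j] if j < len(b) else "")
            if d:
                return d
            i, j = i + 1, j + 1
        na, nb = i, j
        while na < len(a) and a[na] in DIGITS:
            na += 1
        while nb < len(b) and b[nb] in DIGITS:
            nb += 1
        d = int(a[i:na] or 0) - int(b[j:nb] or 0)
        if d:
            return d
        i, j = na, nb
    return 0

def split_version(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def deb_compare(a, b):
    # Negative if a < b, zero if equal, positive if a > b.
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def installed_version(dpkg_l_output, package):
    # Return the version of an installed ("ii") package from `dpkg -l` output.
    for line in dpkg_l_output.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "ii" and f[1].split(":")[0] == package:
            return f[2]
    return None

FIXED = "4.16.0-2+deb11u1"  # fixed version as stated in the thread
SAMPLE = "ii  libtasn1-6:amd64        4.16.0-2                     amd64        Manage ASN.1 structures (runtime)"
if __name__ == "__main__":
    v = installed_version(SAMPLE, "libtasn1-6")
    print(v, "fixed" if deb_compare(v, FIXED) >= 0 else "older than " + FIXED)
```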

dinapappor commented 1 year ago

Hello! Any timeline of when new debian image gets released?

tianon commented 1 year ago

https://github.com/docker-library/official-images/pull/13770 :+1: