docker-library / buildpack-deps

CVE-2022-27404 Vulnerability found #128

Closed Deepak-Suresh closed 2 years ago

Deepak-Suresh commented 2 years ago

Please upgrade the libfreetype package to 2.11.1+dfsg-2.

Please refer to https://security-tracker.debian.org/tracker/CVE-2022-27404

yosifkit commented 2 years ago

As seen on the Debian security tracker page, that fix is only available in bookworm (currently aka sid or unstable). All other Debian releases do not have the update. And, from the Notes, it looks like the Debian security team has chosen not to fix it for them:

[bullseye] - freetype <no-dsa> (Minor issue)
[buster] - freetype <no-dsa> (Minor issue)
[stretch] - freetype <no-dsa> (Minor issue)
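
When triaging a scanner finding like this one, the tracker annotation lines quoted in the reply above can be parsed per release to see whether a security upload is planned for the suite an image is built on. This is an added example, not part of the thread or of the buildpack-deps project; the function names and the triage labels are assumptions made for illustration.

```python
import re

# Annotation lines exactly as quoted in the reply above.
NOTES = """\
[bullseye] - freetype <no-dsa> (Minor issue)
[buster] - freetype <no-dsa> (Minor issue)
[stretch] - freetype <no-dsa> (Minor issue)
"""

# Shape of one line: [release] - package <tag> (optional reason)
LINE_RE = re.compile(
    r"^\s*\[(?P<release>[a-z]+)\]\s+-\s+(?P<package>\S+)\s+"
    r"<(?P<tag>[a-z-]+)>(?:\s+\((?P<reason>.*)\))?\s*$"
)

# Tags in the tracker's no-dsa family: no security advisory is planned
# for that release (labels returned below are this example's own wording).
NO_DSA_FAMILY = {"no-dsa", "ignored", "postponed"}


def parse_notes(text):
    """Return {release: {"package", "tag", "reason"}} for each annotation line."""
    parsed = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # free-text NOTE lines and blanks are skipped
        parsed[m["release"]] = {
            "package": m["package"],
            "tag": m["tag"],
            "reason": m["reason"],  # None when no parenthesised reason is given
        }
    return parsed


def triage(parsed, release):
    """Classify a finding for the suite an image is based on."""
    entry = parsed.get(release)
    if entry is None:
        # No per-release annotation: the package status table decides.
        return "no-annotation"
    if entry["tag"] in NO_DSA_FAMILY:
        return "no-security-upload-planned"
    return "see-tracker"


if __name__ == "__main__":
    parsed = parse_notes(NOTES)
    for suite in ("bullseye", "buster", "stretch", "bookworm"):
        print(suite, triage(parsed, suite), parsed.get(suite))
```
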