Closed mrbusche closed 2 years ago
Debian security tracking links:
Both are fixed by version 7.74.0-1.3+deb11u2 in Debian Bullseye. As noted in https://github.com/docker-library/buildpack-deps/issues/133#issuecomment-1208396503, they are rebuilt approximately every month. I am uncertain if either of these vulnerabilities is widely applicable enough to warrant an early full rebuild of all Debian-based images (especially since they were rebuilt last week because of the regular Debian update in https://github.com/docker-library/official-images/pull/12889).
Makes sense, the last image was built on 8/1. I'll make sure we have an exception in place until 9/1 and we can revisit then if the image has not been rebuilt (with probably a few grace days since you're not on a fixed build schedule).
The docker image for buildpack-deps:bullseye-curl is flagging vulnerabilities CVE-2022-32207 and CVE-2021-22945.
The vulnerabilities appear to come from curl, which has already been patched in bullseye. Can you please rebuild the image to use the latest, patched curl?
Similar issue to https://github.com/docker-library/buildpack-deps/issues/132 which was resolved by a rebuild, debian-bullseye is not showing any CVEs that have fixes available.
Duplicate of https://github.com/docker-library/buildpack-deps/issues/133 where I incorrectly mentioned buster instead of bullseye
buildpack-deps:bullseye-curl