Closed kuba closed 8 years ago
It seems that images were rebuilt just recently:
buildpack-deps jessie-scm 05bacbdfa6eb 8 hours ago 291.8 MB
buildpack-deps scm 05bacbdfa6eb 8 hours ago 291.8 MB
buildpack-deps curl e66a33f451f4 8 hours ago 169.5 MB
buildpack-deps jessie-curl e66a33f451f4 8 hours ago 169.5 MB
debian 8.0 41b730702607 15 hours ago 125.1 MB
debian jessie 41b730702607 15 hours ago 125.1 MB
debian latest 41b730702607 15 hours ago 125.1 MB
debian 8 41b730702607 15 hours ago 125.1 MB
buildpack-deps latest b4f26f1941bc 8 days ago 677.5 MB
buildpack-deps jessie b4f26f1941bc 8 days ago 677.5 MB
<none> <none> 938e3817ad84 4 weeks ago 289.5 MB
scratch latest 511136ea3c5a 22 months ago 0 B
and they are not longer vulnerable, either to above or more recent DSS-3240-1 curl security update (https://lists.debian.org/debian-security-announce/2015/msg00128.html)
Is there anywhere a build log that lists all versions installed by apt-get
? Is there anywhere a history of those images (i.e. previous image id tags?).
Sorry, no history of old image IDs. But that seems like it could be useful to have.
This particular issue is definitely long-since solved. :+1:
Regarding history of images (IDs, etc), we do have https://github.com/docker-library/repo-info/blob/6c0b758a05c294a6682b83895b6da78712acf24e/repos/buildpack-deps/tag-details.md now, and walking backwards through the Git history of that file should provide some amount of useful historical data about both image IDs and even more usefullly content digests (which can be used to pull those older image contents). :+1:
https://lists.debian.org/debian-security-announce/2015/msg00120.html
Most recent Debian images are vulnerable. This should probably be built together with #23.