Hi, these issues have all been previously reported and have CVE's. Docker Cloud's "Docker Security Scanning" listed them as relevant to the jessie Docker image.
Is there any way to mitigate them in the jessie image?
Some of them are not so relevant, but curious if it's possible to include the fixes.
The report output is all HTMLy, but if you push the jessie image to docker cloud and enable "Security Scanning", you'll see a report. Thanks!
curl 7.38.0-4+deb8u5
MIT: Permissive License
CVE-2016-4802
CVE-2016-3739
Major
Minor
wget 1.16-1+deb8u1
GPLv3: Copyleft License
CVE-2016-7098
Major
libxml2 2.9.1+dfsg1-5+deb8u3
MIT: Permissive License
CVE-2016-4614
CVE-2016-4615
CVE-2016-4616
CVE-2016-4619
CVE-2016-5131
CVE-2015-6837
CVE-2015-6838
Critical
Critical
Critical
Critical
Major
Major
Major
pcre
BSD: Permissive License
CVE-2016-3191
CVE-2014-9769
Critical
Critical
gdlib
BSD: Permissive License
CVE-2016-3074
CVE-2016-7568
CVE-2016-5766
CVE-2016-5767
CVE-2013-7456
CVE-2016-5116
CVE-2016-6128
CVE-2015-8877
CVE-2016-6905
CVE-2016-6161
CVE-2016-6214
CVE-2016-6132
CVE-2016-6207
Critical
Critical
Major
Major
Major
Major
Major
Major
Major
Major
Major
Major
Major
libxslt 1.1.28-2+deb8u1
MIT: Permissive License
CVE-2016-4612
CVE-2016-4607
CVE-2016-4609
CVE-2016-4608
CVE-2016-4610
Critical
Critical
Critical
Critical
Critical
gdkpixbuf
LGPL: Lgpl License
CVE-2015-8875
CVE-2016-6352
Major
Major
MichaelJCole
commented
8 years ago
Hi, these issues have all been previously reported and have CVE's. Docker Cloud's "Docker Security Scanning" listed them as relevant to the jessie Docker image.
Is there any way to mitigate them in the jessie image?
Some of them are not so relevant, but curious if it's possible to include the fixes.
The report output is all HTMLy, but if you push the jessie image to docker cloud and enable "Security Scanning", you'll see a report. Thanks!