docker-library / drupal

Docker Official Image packaging for Drupal

Critical and high severity fixes from drupal:latest tag #262

Open aprasadfos opened 1 month ago

aprasadfos commented 1 month ago

Hi doijanky,

Can we get some date by when the Critical and high severity issues can be fixed from drupal:latest tag image?

LaurentGoderre commented 1 month ago

The fixes for these CVEs have not been backported to the versions of Debian used.

https://scout.docker.com/vulnerabilities/id/CVE-2024-38475?s=debian&n=apache2&ns=debian&t=deb&osn=debian&osv=12&vr=%3E%3D2.4.59-1~deb12u1&utm_source=hub

https://scout.docker.com/vulnerabilities/id/CVE-2024-39573?s=debian&n=apache2&ns=debian&t=deb&osn=debian

tianon commented 1 month ago

See also https://security-tracker.debian.org/, especially https://security-tracker.debian.org/tracker/CVE-2024-38475

Also, https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves