anjankow closed this issue 1 year ago
golang 1.20.5 images use debian/openssl in version 1.1.1n-0+deb11u4 which is affected by CVE-2023-2650 and CVE-2023-0464 vulnerabilities (among others).
These vulnerabilities have been fixed in version 1.1.1n-0+deb11u5.
Could the version be updated in the golang image too?
The default 1.20 is now Bookworm based (and so is OpenSSL 3.0) and the Bullseye images have also been rebuilt via https://github.com/docker-library/official-images/pull/14832:
https://hub.docker.com/layers/library/golang/1.20-bullseye/images/sha256-d319a1d4ce390c1222f8cf270c1a8b0d6c898c7658f5ec2a3ebdb1254895da18?context=explore