docker-library / haproxy

Docker Official Image packaging for HAProxy
http://www.haproxy.org/
GNU General Public License v2.0

Critical/high vulnerabilities in all haproxy:bullseye images #221

anajovanoviic closed 7 months ago

anajovanoviic commented 8 months ago

Critical/high vulnerabilities are in all haproxy:bullseye images. Could you patch this?

One of the tags - https://hub.docker.com/layers/library/haproxy/lts-bullseye/images/sha256-5e2b156122dd34992ddd73026eb4cd57cbadbed5c30bdc704d0465986e0f8023?context=explore

Critical vulnerability (CVE-2023-45853) - https://dso.docker.com/images/debian/digests/sha256:b6d63c0260d528ebfd7c6e50d76ba7c9ff15698700a63e1f6b681876fffa6ff9?_gl=1*iop9d6*_ga*MTI2MjMxNTU4Ny4xNjkwNDI1ODQ3*_ga_XJWPQMJYHQ*MTY5OTAxNjg3My4xOC4xLjE2OTkwMTc5MTkuMzkuMC4w

LaurentGoderre commented 8 months ago

This vulnerability comes from Debian and Debian hasn't fixed it yet:

https://security-tracker.debian.org/tracker/CVE-2023-45853

We will patch as soon as upstream does.

anajovanoviic commented 8 months ago

ok, thanks

tianon commented 8 months ago

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves