Closed: jgamblin closed this 3 years ago
IMO, for this to get a dedicated CVE is insane -- it's really just another instance of literally CVE-2019-5021.
Also, as you've noted, none of the supported versions of this image are actually vulnerable today (nor have they been since it was fixed in the Alpine base image).
(Also, thanks for the great blog post -- I've filed a report at https://cveform.mitre.org/ that these are all duplicates but I'm not holding my breath.)
Someone filed CVE-2020-35197 against your Docker image. After looking at your Dockerfile, I do not think it is vulnerable and should be disputed.
Here is a blog I wrote on the subject.