yosifkit
commented
9 months ago I'd call this a false positive as the minizip source from within zlib isn't used to produce a binary in Debian's packages.
https://security-tracker.debian.org/tracker/CVE-2023-45853
zlib
(contrib/minizip not built and producing binary packages)
Similar to https://github.com/docker-library/python/issues/881
Scanning the latest 16.2 version of the docker postgres image I see it has the CVE-2023-45853 listed. Is there some way to fix this or is it a false positive?