docker-library / postgres

Docker Official Image packaging for Postgres
http://www.postgresql.org
MIT License

CVE-2023-45853 zlib/minizip vulnerability #1204

Closed adespain closed 3 months ago

adespain commented 4 months ago

Scanning the latest 16.2 version of the docker postgres image I see it has the CVE-2023-45853 listed. Is there some way to fix this or is it a false positive?

yosifkit commented 4 months ago

I'd call this a false positive as the minizip source from within zlib isn't used to produce a binary in Debian's packages.

https://security-tracker.debian.org/tracker/CVE-2023-45853

zlib (contrib/minizip not built and producing binary packages)

Similar to https://github.com/docker-library/python/issues/881
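
The check behind the answer above can be run against an image's package database. This is an added example, not part of the original thread or the project's own code. The function names and both sample listings are constructed for illustration, and it only looks for `libminizip` shared objects.

```shell
#!/bin/sh
# Input format is that of `dpkg-query -S`: "package[:arch]: /path".
# Both samples are constructed for this example, not captured from a real image.
SAMPLE_CLEAN='zlib1g:amd64: /lib/x86_64-linux-gnu/libz.so.1
zlib1g:amd64: /lib/x86_64-linux-gnu/libz.so.1.2.13
zlib1g:amd64: /usr/share/doc/zlib1g/copyright'

SAMPLE_WITH_MINIZIP="$SAMPLE_CLEAN
libminizip1:amd64: /usr/lib/x86_64-linux-gnu/libminizip.so.1
libminizip1:amd64: /usr/lib/x86_64-linux-gnu/libminizip.so.1.0.0"

# Print "owner<TAB>path" for every libminizip shared object in the listing on stdin.
minizip_owners() {
    awk -F': ' '$2 ~ /\/libminizip\.so(\.[0-9]+)*$/ { print $1 "\t" $2 }'
}

# Read a listing on stdin and give a verdict.
# Returns 0 when no binary built from minizip is installed (the scanner hit
# comes from the zlib source package only), 1 when a libminizip binary exists.
triage() {
    owners=$(minizip_owners)
    if [ -z "$owners" ]; then
        echo "no libminizip binary installed: finding matches zlib source only"
        return 0
    fi
    echo "libminizip installed, compare its package version with the tracker:"
    echo "$owners"
    return 1
}

# Live use inside a Debian-based image (defined here, not called):
# dpkg-query -S exits non-zero and prints nothing on stdout when nothing matches.
triage_live() {
    dpkg-query -S '*libminizip*' 2>/dev/null | triage
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_CLEAN" | triage || true
printf '%s\n' "$SAMPLE_WITH_MINIZIP" | triage || true
```

A zero exit from `triage_live` supports treating the scanner result as a false positive for that image; a non-zero exit means a minizip binary is present and its package version has to be checked separately.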