Closed admivsn closed 10 months ago
There is no upstream fix from Debian maintainers: https://security-tracker.debian.org/tracker/CVE-2023-45853
@admivsn Do you know if there is a Python Docker image that does not have this security issue?
Any fixes planned for this?
There are no fixes in Debian packages (where the zlib library comes from): https://security-tracker.debian.org/tracker/CVE-2023-45853; so, there is nothing we can do in the image to change it.
The vuln is technically in just minizip, a separate part of the zlib source and not included in the zlib1g or zlib1g-dev packages:
Hopefully the Debian Security tracker (https://security-tracker.debian.org/tracker/CVE-2023-45853) will be updated to reflect the fact that it doesn't seem to apply to buster, bullseye, or bookworm (like Ubuntu's tracker does).
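One way to check the point made above, that the zlib1g and zlib1g-dev packages ship no minizip code, when triaging a scanner finding for CVE-2023-45853. This is an added example, not part of the original thread or the image's own tooling; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Decide whether minizip artifacts are present in a package file listing.

# Keep only paths (one per line on stdin, e.g. from `dpkg -L`) that look like
# minizip files: basename starts with "minizip"/"libminizip", or a path
# component is a "minizip" directory.
minizip_paths() {
    grep -Ei '(^|/)(lib)?minizip[^/]*$|/minizip/' || true
}

# Print "present" if the listing on stdin contains minizip artifacts.
minizip_status() {
    if [ -n "$(minizip_paths)" ]; then echo present; else echo absent; fi
}

# Constructed listing resembling `dpkg -L zlib1g zlib1g-dev` output.
sample_zlib_listing() {
    cat <<'EOF'
/usr/share/doc/zlib1g
/lib/x86_64-linux-gnu/libz.so.1
/usr/include/zlib.h
/usr/include/zconf.h
/usr/lib/x86_64-linux-gnu/libz.a
EOF
}

# Constructed listing for an image that does carry a minizip library.
sample_with_minizip() {
    sample_zlib_listing
    cat <<'EOF'
/usr/include/minizip/zip.h
/usr/lib/x86_64-linux-gnu/libminizip.so.1
EOF
}

# Live check inside a Debian-based container: inspects the two packages
# named in the comment above. Run the script with --live to use it.
check_live() {
    dpkg -L zlib1g zlib1g-dev 2>/dev/null | minizip_status
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

An "absent" result for the zlib packages means the flagged package does not contain the vulnerable minizip code, which is the basis for treating the finding as not applicable to the image.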
Seems like Snyk is throwing up some errors, is anyone else suffering from the same issue?
https://github.com/madler/zlib/issues/868
https://snyk.io/test/docker/python%3A3.10
https://security.snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963