docker-library / python

Docker Official Image packaging for Python
https://www.python.org/
MIT License

CVE-2023-52425 - Rebuild alpine-based images #908

Closed: se7entyse7en closed 6 months ago

se7entyse7en commented 7 months ago

We're currently using python:3.12-alpine and we noticed that it's affected by CVE-2023-52425. This is also confirmed by checking on Docker Hub.

The base image alpine:3.19 should be fixed, as confirmed by the Alpine security tracker. I guess that the fix landed after the last push of the python:3.12-alpine image, which Docker Hub says happened on the 8th of February.

Would it be possible to re-trigger the image build and push to Docker Hub?

LianwMS commented 6 months ago

Any update about the issue?

LaurentGoderre commented 6 months ago

I believe this was fixed. The image was rebuilt 2 days ago and that CVE isn't in the tag anymore.

https://hub.docker.com/layers/library/python/3.12-alpine/images/sha256-1fe546118cb1a5373a7716527a067b4d6f24924829096b8f093084fde6ff98e4?context=explore

tianon commented 6 months ago

Indeed :+1: