docker-library / python

Docker Official Image packaging for Python
https://www.python.org/
MIT License

CVE-2023-52425 in most images except alpine #922

Closed JGSweets closed 2 months ago

JGSweets commented 2 months ago

This was resolved for alpine in #908, but remains unresolved for most, if not all, other images.

The debian images the slim versions come from have resolved this issue, but it still remains present in the python images. https://hub.docker.com/_/debian/tags.

For non-slim versions utilizing buildpack-deps, I've created an issue on the associated repo here: https://github.com/docker-library/buildpack-deps/issues/156

yosifkit commented 2 months ago

https://github.com/docker-library/buildpack-deps/issues/156#issuecomment-2067254820

jfinkhaeuser commented 2 months ago

So let me understand the process here. What happens if/when upstream images start including the expat fix?