docker-library / ruby

Docker Official Image packaging for Ruby
http://www.ruby-lang.org/
BSD 2-Clause "Simplified" License

CVE-2023-31484 CWE-295 debian:bookworm:libperl #477

Closed ayush2629 closed 3 weeks ago

ayush2629 commented 3 weeks ago

image - 3.1.6-slim-bookworm

affected - debian:bookworm:libperl5.36

yosifkit commented 3 weeks ago

The perl package comes from Debian's packages and there is not a fix available in Debian Bookworm: https://security-tracker.debian.org/tracker/CVE-2023-31486. Without a package update in Debian there is not anything we can do.

Official Images FAQ:

Though not every CVE is removed from the images, we take CVEs seriously and try to ensure that images contain the most up-to-date packages available within a reasonable time frame.

- https://github.com/docker-library/faq/tree/0ad5fd60288109c875a54a37f6581b2deaa836db#why-does-my-security-scanner-show-that-an-image-has-cves