getsentry / symbolicator

Native Symbolication as a Service
https://getsentry.github.io/symbolicator/
MIT License

Patch sentry-getsentry/symbolicator:23.9.1 vulnerabilities #1326

Closed ziler-orca closed 8 months ago

ziler-orca commented 8 months ago

Self-Hosted Version

23.9.1

CPU Architecture

x86_64

Docker Version

24.0.6

Docker Compose Version

v2.21.0

Steps to Reproduce

The sentry-getsentry/symbolicator image 23.9.1 has several vulnerabilities. Please see attached.

symbolicator_cves.xlsx

Expected Result

Patch the vulnerabilities.

Actual Result

Please refer to spreadsheet attached above for details.

Event ID

No response

hubertdeng123 commented 8 months ago

Thanks for reporting this to us. I'm going to transfer this over to getsentry/symbolicator. For reference, security has given us a csv file with all the CVEs.

symbolicator_cves.csv

Swatinem commented 8 months ago

All of these are in the base image packages; none are in symbolicator's Rust code or any of the Rust dependencies.

So is there anything other to do here than to run an apt upgrade in the base docker image?

hubertdeng123 commented 8 months ago

> So is there anything other to do here than to run an apt upgrade in the base docker image?

Guess not then 🙂

So the apt upgrade should be run in https://github.com/getsentry/symbolicator/blob/master/Dockerfile?