SISheogorath
commented
4 years ago To quote the person who disclosed this CVE:
The bug is present in all versions after 0.9.12, up through the current (1.1.23) release. Only 32-bit x86 systems (aka IA32, musl's "i386" arch) are affected. Users of other archs, including x86_64, can safely ignore this issue.
Since we don't provide 32-bit (aka. "i386") Images, we aren't affected by this. Also this issue has to be addressed in the upstream image not in InspIRCd. You should always verify results of such scanners and assess the risk. Anyway, thanks for your report and I'm glad you look into our images :)
-- Signed Sheogorath
OpenPGP: https://shivering-isles.com/openpgp/0xFCB98C2A3EC6F601.txt
I scanned the docker image with Salus and it has CVE report. Can you please update musl 1.1.20-~ to 1.1.20-r5 in docker image?