varnish / docker-varnish

Official docker image
https://hub.docker.com/_/varnish
82 stars 34 forks source link

Debian Vulnerabilities in Most Recent Release #33

Closed mankee10200 closed 3 years ago

mankee10200 commented 3 years ago

I am seeing these two Debian vulnerabilities in the most recent tag 6.0.7-1.

  1. https://security-tracker.debian.org/tracker/CVE-2021-29154
  2. https://security-tracker.debian.org/tracker/CVE-2021-23133

Is it possible to update the Debian version to at least 4.19.194-1 (buster) in order to patch these vulnerabilities?

gquintard commented 3 years ago

hi, that should be done more or less automatically, the docker hub team regularly rebuild the images, and as you can see, we don't pull a specific debian image, so we have no real control over that (if we did we'd have to track the debian version and systematically update the Dockerfile)