world-federation-of-advertisers / cross-media-measurement

A privacy centric system for cross publisher, cross media ads measurement through secure multiparty computations.
https://halo.wfanet.org/
Apache License 2.0
36 stars 11 forks source link

Fix code scanning alert - libexpat: integer overflow #1811

Closed SanjayVas closed 1 month ago

SanjayVas commented 1 month ago

Vulnerability CVE-2024-45492

Tracking issue for:

SanjayVas commented 1 month ago

Not yet fixed in upstream Debian Bookworm. See https://security-tracker.debian.org/tracker/CVE-2024-45491

SanjayVas commented 1 month ago

Looks like bookworm (security) has the fixed version now, which means it should be picked up by upstream distroless soon.

SanjayVas commented 1 month ago

Appears to be fixed in latest gcr.io/distroless/java17-debian12:nonroot (sha256:2db4acff2603088acaf67dac414462c9fcc3e2cc3ff9a642d5af9c7cff2b5fe9)