yiisoft / yii2-docker

Official Docker images suitable for Yii 2.0
https://www.yiiframework.com/
BSD 3-Clause "New" or "Revised" License

Curl/libcurl vulnerabilities #171

Closed novakovicdavid closed 9 months ago

novakovicdavid commented 11 months ago

Hello,

Details of the announced curl vulnerabilities have been released to the public:

- https://github.com/curl/curl/discussions/12026
- https://curl.se/docs/CVE-2023-38545.html
- https://curl.se/docs/CVE-2023-38546.html

I believe that, for example, the Docker image yiisoftware/yii2-php:8.2-apache ships with a vulnerable version of curl/libcurl.

Is it being looked into?

Thanks in advance!

schmunk42 commented 11 months ago

It has to be fixed in the underlying Debian image, which then has to be built on Docker Hub. This triggers a rebuild of the PHP images on Docker Hub; then we can (manually) trigger an update or wait for the weekly builds.

If you see that the bug is fixed in the PHP (base-)image, let us know.

schmunk42 commented 9 months ago

This should be fixed, please reopen if not.
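
One way to verify that a rebuilt image actually picked up the Debian fix, as an added example that is not part of the thread or of the yii2-docker project: compare the image's installed curl/libcurl package versions against the Debian-fixed version using Debian's own version ordering, since Debian backports fixes and the upstream release number alone does not tell you whether a package is patched. The versions in `SAMPLE` and `FIXED` are constructed placeholders (take the real fixed versions from the Debian security tracker), and the helper names are hypothetical.

```python
import re

# Constructed sample of the output of:
#   docker run --rm --entrypoint dpkg-query yiisoftware/yii2-php:8.2-apache \
#     -W -f='${Package} ${Version}\n' curl libcurl4
SAMPLE = "curl 1.2.3-4+deb0u1\nlibcurl4 1.2.3-4+deb0u2\n"
# Placeholder fixed versions; take the real ones from the Debian security tracker.
FIXED = {"curl": "1.2.3-4+deb0u2", "libcurl4": "1.2.3-4+deb0u2"}

def _order(c):
    """Sort key for one character of a non-digit run (Debian policy order)."""
    if c == "~":
        return -1            # '~' sorts before everything, even end of string
    if c == "":
        return 0             # end of the run
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before other symbols

def _cmp_part(a, b):
    """Compare two upstream or revision strings, alternating text and number runs."""
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            ka, kb = _order(ta[i:i + 1]), _order(tb[i:i + 1])
            if ka != kb:
                return -1 if ka < kb else 1
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(na):], b[len(nb):]
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(dpkg_output, fixed):
    """Map package -> installed version for packages older than their fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0]: r[1] for r in rows
            if len(r) == 2 and r[0] in fixed and deb_cmp(r[1], fixed[r[0]]) < 0}

if __name__ == "__main__":
    print(unpatched(SAMPLE, FIXED) or "all listed packages are at or above the fixed version")
```

An empty result means every listed package is at or above its fixed version; a package absent from the image is not reported.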