There are two new CVEs in open-ssh used by at least shared-tag 3.9. #896
Comments
Seeing the same issue. Looks like it's the underlying debian version being used?
@wimaac, I expect that is true. Both appear to have resolutions.
Perhaps the fix for the Python image is to update to use a resource in fixed status?
This is going to be fixed when buildpack-deps is updated.
Is that on a schedule, or when does that happen?
Background:
Official Images FAQ:
To ensure that we don't push contentless image changes, we rely on periodic base image updates.
So, there will likely be a
Thanks for the updates!
https://github.com/docker-library/python/blob/2d31ccc9f8487908ded7944a54b8e923eff9ad1f/3.9/bookworm/Dockerfile
CVE-2023-28531
CVE-2023-51385
These two CVEs have been found in the python:3.9 container. Both are critical. Remediation requires openssh 9.6 or better. The manifest shows 8.4 being in use.