docker-library/drupal

Critical and high severity fixes from drupal:latest tag

aprasadfos opened this issue 2 months ago · 2 comments

aprasadfos commented 2 months ago

Hi doijanky,

Can we get some date by when the Critical and high severity issues can be fixed from drupal:latest tag image.

LaurentGoderre commented 2 months ago

The fixes for these CVEs have not been backported to the versions of debian used.

https://scout.docker.com/vulnerabilities/id/CVE-2024-38475?s=debian&n=apache2&ns=debian&t=deb&osn=debian&osv=12&vr=%3E%3D2.4.59-1~deb12u1&utm_source=hub
https://scout.docker.com/vulnerabilities/id/CVE-2024-39573?s=debian&n=apache2&ns=debian&t=deb&osn=debian

👍1

tianon commented 2 months ago

See also https://security-tracker.debian.org/, especially https://security-tracker.debian.org/tracker/CVE-2024-38475

Also, https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves