docker-library/httpd

Various Vulnerabilities in expat@2.4.1-r0

alFReD-NSH opened this issue · 3 comments

Hi, Snyk and possibly other scanners report the following in the latest:

✗ Critical severity vulnerability found in expat/expat
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE315-EXPAT-2393733
  Introduced through: expat/expat@2.4.1-r0, apr-util/apr-util@1.6.1-r11
  From: expat/expat@2.4.1-r0
  From: apr-util/apr-util@1.6.1-r11 > expat/expat@2.4.1-r0
  Fixed in: 2.4.4-r0

Lucky for us, Alpine has already fixed this: https://git.alpinelinux.org/aports/commit/?id=be41ce63e47acb86474b88f069c75335f69f009a

And I can already see that building it again will install the fixed expat@2.4.4-r0 in GitHub Actions: https://github.com/docker-library/httpd/runs/5080563783?check_suite_focus=true

Can the maintainers please push a new build?

Same comment as docker-library/python#699 (comment). Once the base image updates, these images will be rebuilt as well.

The base image got updated.
docker-library/python#699 (comment)