docker-library/postgres

CVE-2023-45853 zlib/minizip vulnerability

adespain opened this issue · 1 comments

Scanning the latest 16.2 version of the Docker postgres image, I see it has CVE-2023-45853 listed. Is there some way to fix this or is it a false positive?

I'd call this a false positive as the minizip source from within zlib isn't used to produce a binary in Debian's packages.

https://security-tracker.debian.org/tracker/CVE-2023-45853

zlib (contrib/minizip not built and producing binary packages)

Similar to docker-library/python#881
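
One way to check the point made in the reply above from inside an image, as an added example that is not part of the original thread: list the installed binary packages built from the `zlib` source by reading dpkg status stanzas. The sample stanzas and their versions are constructed, and treating a package name containing `minizip` as the indicator is an assumption.

```shell
#!/bin/sh
# Constructed sample of dpkg status stanzas (not taken from a real image).
SAMPLE_STATUS='Package: zlib1g
Status: install ok installed
Source: zlib (1:0.0.0-constructed)
Version: 1:0.0.0-constructed
Description: compression library - runtime
 continuation line of the description

Package: libpq5
Status: install ok installed
Source: postgresql-16
Version: 0.0-constructed

Package: zlib1g-dev
Status: deinstall ok config-files
Source: zlib
Version: 1:0.0.0-constructed'

# Print installed binary packages built from source package $1.
# Reads status stanzas on stdin, normally: < /var/lib/dpkg/status
binaries_from_source() {
    awk -v src="$1" '
        BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one stanza per record
        {
            pkg = ""; source = ""; installed = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /) pkg = substr($i, 10)
                else if ($i ~ /^Source: /) {
                    source = substr($i, 9)
                    sub(/ .*/, "", source)   # drop the optional " (version)"
                }
                else if ($i ~ /^Status: .* installed$/) installed = 1
            }
            if (source == "") source = pkg   # Source is omitted when it equals Package
            if (installed && source == src) print pkg
        }'
}

# Exit 0 if any installed binary built from source $1 has "minizip" in its
# name (assumed indicator), non-zero otherwise.
ships_minizip() {
    binaries_from_source "$1" | grep -q minizip
}

printf '%s\n' "$SAMPLE_STATUS" | binaries_from_source zlib
```

Against a real image, feed `/var/lib/dpkg/status` to `binaries_from_source zlib`; a scanner finding keyed on the source package name is only relevant if a listed binary actually contains the affected code.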