drupal icon indicating copy to clipboard operation
drupal copied to clipboard

Published 20 hours ago verified publisher icon docker-library

Critical and high severity fixes from drupal:latest tag

Open aprasadfos opened this issue 1 year ago • 2 comments

Hi doijanky,

Can we get some date by when the Critical and high severity issues can be fixed from drupal:latest tag image.

aprasadfos avatar Jul 11 '24 13:07 aprasadfos

The fixes for these CVEs have not been backported to the versions of debian used.

https://scout.docker.com/vulnerabilities/id/CVE-2024-38475?s=debian&n=apache2&ns=debian&t=deb&osn=debian&osv=12&vr=%3E%3D2.4.59-1~deb12u1&utm_source=hub https://scout.docker.com/vulnerabilities/id/CVE-2024-39573?s=debian&n=apache2&ns=debian&t=deb&osn=debian

LaurentGoderre avatar Jul 11 '24 16:07 LaurentGoderre

See also https://security-tracker.debian.org/, especially https://security-tracker.debian.org/tracker/CVE-2024-38475

Also, https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

tianon avatar Jul 11 '24 17:07 tianon