python

python copied to clipboard

python 2.7.18 alpine image based on broken musl version

1

The python 2.7.18 alpine image based on alpine 3.11.5 has a broken ld-musl build. Its using musl 1.1.24 r2 which has a busted crc link between the musl and musl-dbg...

gnurizen

Inexplicable pip install caching behavior

1

I have been bashing my head against this for hours. I build my Docker image based on python:3.12, and then install my package like this: ``` FROM python:3.12 RUN mkdir...

maxupp

Debbuging a `-slim` image?

1

We are hitting a rare deadlock in production that can't be reproduced using debug images. Only way to debug it is to attach to the production image as the problem...

hterik

"debug build" for at least one image

2

Recently we had a C extension for python failing in production in an environment that we do not own ourselves. The data in that environment was causing the issues. Because...

gtoonstra

Hey guys, first of all, thank you for the work you are doing 🙏 Docker images of python are being shipped millions of times per month (if not per day),...

louis-jaris

Vulnerability in Python 3.10 (setuptools inside ensurepip folder)

6

We are working on Python 3.10 and found vulnerable version of setuptools package which is setuptools-65.5.0. We did see Python 3.10 already has a fix for setuptools package and updated...

bhupendra-vaishnav

bullseye images has issue with mktime OverflowError

8

Hi We are trying to run the following code snippet on bullseye after installing pytz ``` from datetime import datetime import time import pytz tz=pytz.timezone('America/New_York') nytime= datetime.utcnow().astimezone(tz) time.mktime(nytime.timetuple()) ``` But...

AhmadMS1988

duplicate path in $PATH

2

Minor nit. We blindly prepend /usr/local/bin onto the $PATH without looking to see if it's already there. This leads to duplication. `docker run --rm -it python:3.12-slim` ``` Python 3.12.1 (main,...

dotysan

python:3.11-slim-bookworm CVE-2023-5752

5

| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title | |----------------|----------------|----------|--------|---------------------|---------------|--------------------------------------------------------------| | pip (METADATA) | CVE-2023-5752 | MEDIUM | fixed | 23.2.1 |...

trottomv

There are two new CVEs in open-ssh used by at least shared-tag `3.9`.

6

https://github.com/docker-library/python/blob/2d31ccc9f8487908ded7944a54b8e923eff9ad1f/3.9/bookworm/Dockerfile [CVE-2023-28531](https://us-east-1.console.aws.amazon.com/inspector/v2/home?region=us-east-1#/findings?by=all&findingArn=arn:aws:inspector2:us-east-1:274765720877:finding/05bfc72d889522b8e176d251786442b9) [CVE-2023-51385](https://us-east-1.console.aws.amazon.com/inspector/v2/home?region=us-east-1#/findings?by=all&findingArn=arn:aws:inspector2:us-east-1:274765720877:finding/48b458ccda0ecad8f38fdf22cee0b1bb) These two cve's have been found in the python:3.9 container. Both are critical. Remediation requires openssh 9.6 or better. The [manifest](https://github.com/docker-library/repo-info/blob/master/repos/python/local/3.9-bullseye.md#dpkg-source-package-openssh184p1-5deb11u2) shows 8.4 being in use.

mmynsted