
[Vulnerability] debian libfreetype6 2.9.1 in docker image openvsx-server (CVE-2020-15999)

Open amtadev opened this issue 2 years ago • 2 comments

I downloaded and scanned openvsx-server docker image version 72706d1, and found that it has/uses/references debian libfreetype6 2.9.1-3+deb10u1 (CVE-2020-15999).

Could you confirm if this is actually used within the image? And if yes, are there any plans to update it to >= 2.10.4?

amtadev avatar Jun 08 '22 13:06 amtadev

@amtadev How are CefSharp and libfreetype6 2.9.1-3+deb10u1 related?

amvanbaren avatar Jun 16 '22 10:06 amvanbaren

FreeType is a font rendering engine library which is used by CefSharp and Chromium. Google Chrome version 86.0.4240.111 or newer has this vulnerability patched, but that of course depends on the user/client. https://nvd.nist.gov/vuln/detail/CVE-2020-15999

amtadev avatar Jun 20 '22 12:06 amtadev
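One way to answer the question raised in this thread, whether a scanner hit on libfreetype6 reflects a package that is really installed in the image and depended on by something else, as an added example that is not code from the openvsx project. The image tag, the package name and the Debian fixed version are assumptions to be replaced for the image under review; the parsing and version comparison are plain functions so they can be exercised on a constructed dpkg-query line without Docker.

```shell
#!/bin/sh
# Added example, not openvsx project code. Confirms or dismisses a scanner
# finding for a Debian-based image: is the package actually installed, at
# which version, and which installed packages depend on it.
IMAGE="${IMAGE:-openvsx-server:72706d1}"          # placeholder image tag
PKG="${PKG:-libfreetype6}"
# Assumed fixed Debian buster version; verify against the Debian security
# tracker. Comparing against the upstream 2.10.4 instead is what makes
# scanners flag a backported fix as still vulnerable.
FIXED_VERSION="${FIXED_VERSION:-2.9.1-3+deb10u2}"

# Take a `dpkg-query -W -f='${Status} ${Version}\n'` line and print the
# version only when the package status is "installed" (not config-files).
installed_version() {
    set -- $1
    [ "$3" = "installed" ] || return 1
    printf '%s\n' "$4"
}

# Return 0 when $1 sorts strictly before $2 in version order. sort -V is a
# close enough stand-in for dpkg --compare-versions on the host.
version_lt() {
    [ "$1" != "$2" ] || return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# Classify one dpkg-query line as absent, fixed or vulnerable.
classify() {
    ver=$(installed_version "$1") || { echo absent; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then echo vulnerable; else echo fixed; fi
}

# Run the query inside the image and list the installed reverse
# dependencies, which answers "is it actually used" at the package level.
check_image() {
    docker run --rm --entrypoint sh "$IMAGE" -c \
        "dpkg-query -W -f='\${Status} \${Version}\n' $PKG 2>/dev/null; \
         echo '--- installed packages depending on $PKG ---'; \
         apt-cache rdepends --installed $PKG 2>/dev/null"
}
```

Pipe the first line of `check_image` output into `classify` to get the verdict; an empty rdepends list means nothing installed in the image links the library, which is the caveat the thread raises about whether the client or the server actually exercises FreeType.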