3.7.7-alpine-3.11 sqlite vulnerabilities #471
Comments
|
See https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-so-many-cves A CVE doesn't imply having an actual vulnerability, and often is even a false positive (given how most distributions handle versioning/security updates in stable releases). If there are actionable items we can resolve, we're happy to do so (and do so actively). We update all Debian based images to include any updates in apt packages at least monthly (we regenerate the base images and then rebuild all dependent images). Sqlite is at the latest version the Alpine 3.11 repo's offer $ docker run -it --rm python:3.7.7-alpine3.11 ash
/ # apk upgrade
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
Upgrading critical system libraries and apk-tools:
(1/1) Upgrading apk-tools (2.10.4-r3 -> 2.10.5-r0)
Executing busybox-1.31.1-r9.trigger
Continuing the upgrade transaction with new apk-tools:
(1/4) Upgrading libcrypto1.1 (1.1.1d-r3 -> 1.1.1g-r0)
(2/4) Upgrading ncurses-terminfo-base (6.1_p20200118-r2 -> 6.1_p20200118-r3)
(3/4) Upgrading ncurses-libs (6.1_p20200118-r2 -> 6.1_p20200118-r3)
(4/4) Upgrading libssl1.1 (1.1.1d-r3 -> 1.1.1g-r0)
Executing ca-certificates-20191127-r1.trigger
OK: 11 MiB in 34 packages |
Sqlite 3.30.1-r1 has 13 critical vulnerabilities
OS distributionAlpine Linux v3.11
OS release3.11.3
Sqlite 3.31.1-r0
OS distributionAlpine Linux v3.11
OS release3.11.5
I thought I would see it remediated in release3.11.5 but still seeing same vulnerabilities reported when scanning image.
The text was updated successfully, but these errors were encountered: