Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Python:3.7 with CVE-2019-10131 #499

Closed
nirvanatao opened this issue Jun 17, 2020 · 1 comment
Closed

Python:3.7 with CVE-2019-10131 #499

nirvanatao opened this issue Jun 17, 2020 · 1 comment

Comments

@nirvanatao
Copy link

Python:3.7 with CVE-2019-10131
@wglambert
Copy link

See https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-so-many-cves
And docker-library/postgres#286 (comment) docker-library/openjdk#161, docker-library/openjdk#112, docker-library/postgres#286, docker-library/drupal#84, docker-library/official-images#2740, docker-library/ruby#117, docker-library/ruby#94, #152, docker-library/php#242, docker-library/buildpack-deps#46, docker-library/openjdk#185.

A CVE doesn't imply having an actual vulnerability, and often is even a false positive (given how most distributions handle versioning/security updates in stable releases). If there are actionable items we can resolve, we're happy to do so (and do so actively). We update all Debian based images to include any updates in apt packages at least monthly (we regenerate the base images and then rebuild all dependent images).

https://security-tracker.debian.org/tracker/CVE-2019-10131

A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

@tianon tianon closed this as completed Nov 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tianon @nirvanatao @wglambert