docker-library / official-images

Primary source of truth for the Docker "Official Images" program

https://hub.docker.com/u/library

Fix CVE-2023-24538 and CVE-2023-24540

deshruch opened this issue a month ago · comments

deshruch commented a month ago

The CVEs still exist in linux/amd64 images

Laurent Goderre commented a month ago

This doc explains why this is a false positive: https://github.com/tianon/gosu/blob/master/SECURITY.md

Tianon Gravi commented a month ago

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves