docker-library / python

Docker Official Image packaging for Python

Home Page: https://www.python.org/

CVE-2023-29491 and CVE-2023-4911 on python:3-slim

jmonsma opened this issue

Both CVEs are patched upstream in Debian.
Can we make sure these fixes are patched here as well?

CVE-2023-4911 patched in 2.31-13+deb11u7
CVE-2023-29491 patched in 6.2+20201114-2+deb11u2

I believe the dependency is inherited from the upstream Docker image (FROM debian:bookworm-slim). You should ask the maintainer of the Debian image. We will rebuild automatically once they publish a new image: https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

Both have been addressed
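To confirm that a rebuilt image actually carries the fixes discussed in this thread, the installed package versions can be compared against the fixed versions quoted in the issue using Debian's version ordering. The following is an added example, not code from the issue or from docker-library; the binary package names (`libc6`, `libtinfo6`), the helper names and the sample `dpkg-query` output are assumptions constructed for illustration.

```python
import re

D = "0123456789"
# Fixed versions as quoted in the issue; mapping them to these binary packages is an assumption.
FIXED = {
    "libc6": "2.31-13+deb11u7",             # CVE-2023-4911 (glibc)
    "libtinfo6": "6.2+20201114-2+deb11u2",  # CVE-2023-29491 (ncurses)
}

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """\
libc6 2.31-13+deb11u6
libtinfo6 6.2+20201114-2+deb11u2
zlib1g 1:1.2.11.dfsg-2+deb11u2
"""

def _order(ch):  # dpkg character weight: '~' < end/digit < letters < everything else
    if ch == "" or ch in D:
        return 0
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):  # non-digit runs compare by weight, digit runs numerically
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in D) or (j < len(b) and b[j] not in D):
            ca = _order(a[i] if i < len(a) else "")
            cb = _order(b[j] if j < len(b) else "")
            if ca != cb:
                return -1 if ca < cb else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):  # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return epoch, upstream, rev

def compare(v1, v2):  # -1, 0 or 1 following Debian version ordering
    results = (_cmp_part(a, b) for a, b in zip(_split(v1), _split(v2)))
    return next((r for r in results if r), 0)

def unpatched(dpkg_output, fixed=FIXED):  # (package, installed, fixed) for stale packages
    rows = (line.strip().partition(" ") for line in dpkg_output.splitlines())
    return [(p, v, fixed[p]) for p, _, v in rows
            if p in fixed and compare(v, fixed[p]) < 0]
```

Feeding `unpatched()` the real `dpkg-query` output from a container of the image under test gives an empty list once the rebuilt image has picked up the fixed packages.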