Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update alpine to 3.18 #364

Closed
wants to merge 1 commit into from
Closed

Update alpine to 3.18 #364

wants to merge 1 commit into from

Conversation

orgads
Copy link
Contributor

@orgads orgads commented Oct 9, 2023

No description provided.

Signed-off-by: Orgad Shaneh <orgad.shaneh@audiocodes.com>
@orgads
Copy link
Contributor Author

orgads commented Oct 23, 2023

@ashie ping

@orgads
Copy link
Contributor Author

orgads commented Oct 23, 2023

Alpine 3.17 is vulnerable to CVE-2022-48174.

@ashie
Copy link
Member

ashie commented Oct 23, 2023

CVE-2022-48174 is for less than busybox 1.35 while Alpine 3.17 uses busybox 1.35.
So it's false positive.

Please see also #362 (comment)

@ashie ashie closed this Oct 23, 2023
@orgads
Copy link
Contributor Author

orgads commented Oct 24, 2023

CVE-2022-48174 is for less than busybox 1.35 while Alpine 3.17 uses busybox 1.35. So it's false positive.

Please see also #362 (comment)

Alpine 3.17 has busybox 1.29. See #362 (comment)

And even if it has been fixed in 3.17 - do you have a good reason not to upgrade to 3.18?

@ashie
Copy link
Member

ashie commented Oct 24, 2023

Alpine 3.17 has busybox 1.29. See #362 (comment)

Please see the comment carefully, it's 1.35-r29, not 1.29.

And even if it has been fixed in 3.17 - do you have a good reason not to upgrade to 3.18?

Please see the just above comment in the issue: #362 (comment)

@orgads
Copy link
Contributor Author

orgads commented Oct 24, 2023

Sorry, you're right. JFrog X-Ray scanner got me confused.

@orgads orgads deleted the alpine-3.18 branch October 24, 2023 10:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants