Hello, any updates on the last 2 queries?
Thanks in advance.

On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apu...@redhat.com> wrote:

> @Petr, thanks for the update and opening up a ticket for the mentioned
> issue.
>
> On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pku...@redhat.com> wrote:
>
>> Hi Abhinay,
>> On 3/19/20 8:28 AM, Abhinay Purty wrote:
>>
>> Hello Team,
>>
>> IHAC with a few queries.
>>
>> 1. Do the following images contain the security fixes that are mentioned in
>> 'https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
>> (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)?
>> [*] https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
>> [*] https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
>> If I understand correctly, the latest versions of those images were built
>> before security fixes CVE-2019-15604[1], CVE-2019-15605[2],
>> CVE-2019-15606[3] were released.
>>
>> [1] https://access.redhat.com/security/cve/CVE-2019-15604
>> [2] https://access.redhat.com/security/cve/CVE-2019-15605
>> [3] https://access.redhat.com/security/cve/CVE-2019-15606
>>
>> The released images seem to be affected by the CVEs mentioned, but do not
>> show up as such in the catalog. This is a problem and I have opened up a
>> ticket against container grading to check what went wrong:
>> https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
>>
>> The CVEs will soon be fixed (I have checked fixed builds are present)
>> once the following advisory gets pushed:
>> https://errata.devel.redhat.com/advisory/52592
>>
>>
>> 2. Are there any plans to release ubi8/nodejs-12 and rhel8/nodejs-12 s2i
>> builder images that would include the current LTS version of nodejs (12.16.1)?
>>
>> 3. Do the ubi8/nodejs-12 and rhel8/nodejs-12 images have a vanilla installation of
>> the nodejs runtime? Or is the nodejs runtime in those images Red Hat's own
>> implementation of the nodejs runtime?
>>
>> I will leave these two to be answered by nodejs maintainers (added to
>> CC).
>>
>> Petr
>>
>>
>>
>> --
>> Regards,
>>
>> Abhinay Purty
>>
>> Associate Technical Support Engineer
>>
>> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>>
>> <https://red.ht/sig>
>>
>> _______________________________________________
>> SCLorg mailing list
>> SCLorg@redhat.com
>> https://www.redhat.com/mailman/listinfo/sclorg
>>
>
> --
> Regards,
>
> Abhinay Purty
>
> Associate Technical Support Engineer
>
> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
> <https://red.ht/sig>
>

--
Regards,

Abhinay Purty

Associate Technical Support Engineer

Red Hat India Pvt. Ltd. <https://www.redhat.com>

<https://red.ht/sig>