The `gosu` package doesn't import anything from `net` in stdlib, so those are both very definitely false positives.
(see https://github.com/tianon/gosu/blob/master/SECURITY.md, especially the bits about using govulncheck which would probably be helpful here / in Ubuntu at large ❤) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072883 Title: Docker scout reports critical and high vulnerabilities for Ubuntu docker images with installed gosu To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2072883/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
