<div dir="ltr"><div class="gmail_default" style="font-family:comic sans ms,sans-serif">Hello,</div><div class="gmail_default" style="font-family:comic sans ms,sans-serif"><br></div><div class="gmail_default" style="font-family:comic sans ms,sans-serif">Any updates on the last 2 queries ?</div><div class="gmail_default" style="font-family:comic sans ms,sans-serif"><br></div><div class="gmail_default" style="font-family:comic sans ms,sans-serif">Thanks in advance.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <<a href="mailto:apurty@redhat.com">apurty@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:"comic sans ms",sans-serif">@ Petr, Thanks for the update and opening up a ticket for the mentioned issue.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <<a href="mailto:pkubat@redhat.com" target="_blank">pkubat@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>Hi Abhinay,<br>
    </p>
    <div>On 3/19/20 8:28 AM, Abhinay Purty
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div class="gmail_default" style="font-family:"comic sans ms",sans-serif">
          <div class="gmail_default">Hello Team,</div>
          <div class="gmail_default"><br>
          </div>
          <div class="gmail_default">IHAC with a few queries.</div>
          <div class="gmail_default"><br>
          </div>
          <div class="gmail_default">
            <pre style="white-space:pre-wrap;background:none;box-sizing:border-box;overflow:auto;font-size:12px;padding:0px;margin-top:0px;margin-bottom:0px;line-height:1.66667;color:rgb(40,45,51);word-break:normal;border:none;border-radius:1px"><span style="box-sizing:border-box">1. Does the following images contain the security fixes that is mentioned in '<a href="https://nodejs.org/en/blog/vulnerability/february-2020-security-releases" target="_blank">https://nodejs.org/en/blog/vulnerability/february-2020-security-releases</a>'
(CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)?
[*] <a href="https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12" target="_blank">https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12</a>
[*] <a href="https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12" target="_blank">https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12</a>
If I understand correctly, the latest version of those images are built before security fixes CVE-2019-15604[1], CVE-2019-15605[2], CVE-2019-15606[3] were released.

[1] <a href="https://access.redhat.com/security/cve/CVE-2019-15604" target="_blank">https://access.redhat.com/security/cve/CVE-2019-15604</a>
[2] <a href="https://access.redhat.com/security/cve/CVE-2019-15605" target="_blank">https://access.redhat.com/security/cve/CVE-2019-15605</a>
[3] <a href="https://access.redhat.com/security/cve/CVE-2019-15606" target="_blank">https://access.redhat.com/security/cve/CVE-2019-15606</a>

</span></pre>
          </div>
        </div>
      </div>
    </blockquote>
    <p>The released images seem to be affected by the CVEs mentioned,
      but do not show up as such in the catalog. This is a problem and I
      have opened up a ticket against container grading to check what
      went wrong:
<a href="https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125" target="_blank">https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125</a></p>
    <p>The CVEs will soon be fixed (I have checked fixed builds are
      present) once the following advisory gets pushed:
      <a href="https://errata.devel.redhat.com/advisory/52592" target="_blank">https://errata.devel.redhat.com/advisory/52592</a><br>
    </p>
    <p><br>
    </p>
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_default" style="font-family:"comic sans ms",sans-serif">
          <div class="gmail_default">
            <pre style="white-space:pre-wrap;background:none;box-sizing:border-box;overflow:auto;font-size:12px;padding:0px;margin-top:0px;margin-bottom:0px;line-height:1.66667;color:rgb(40,45,51);word-break:normal;border:none;border-radius:1px"><span style="box-sizing:border-box">2.  Is there any  plans to release ubi8/nodejs-12 and rhel8/nodejs-12 s2i builder images that would include current LTS version of nodejs (12.16.1)? 

3. Does the ubi8/nodejs-12 and rhel8/nodejs-12 have vanilla installation of the nodejs runtime? Or is the nodejs runtime in those images Red Hat's own implementation of the nodejs runtime ?<font color="#888888">
</font></span></pre>
          </div>
        </div>
      </div>
    </blockquote>
    <p>I will leave these two to be answered by nodejs maintainers
      (added to CC). <br>
    </p>
    <p>Petr<br>
    </p>
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_default" style="font-family:"comic sans ms",sans-serif">
          <div class="gmail_default"><font color="#888888"><br>
            </font></div>
        </div>
        <div><br>
        </div>
        -- <br>
        <div dir="ltr">
          <div dir="ltr">
            <div>Regards,<br>
            </div>
            <p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:RedHatText,sans-serif">Abhinay
              Purty<br>
            </p>
            <p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;text-transform:none">Associate
                Technical Support Engineer</span></p>
            <p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><a href="https://www.redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat India Pvt. Ltd.</a><br>
            </p>
            <div style="margin-bottom:4px"> </div>
            <p style="margin:0px;font-size:12px;font-family:RedHatText,sans-serif">
            </p>
            <a href="https://red.ht/sig" target="_blank"> <img src="https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.png" width="90" height="auto"></a></div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
SCLorg mailing list
<a href="mailto:SCLorg@redhat.com" target="_blank">SCLorg@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/sclorg" target="_blank">https://www.redhat.com/mailman/listinfo/sclorg</a>
</pre>
    </blockquote>
  </div>

</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div>Regards,<br></div>

        <p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:RedHatText,sans-serif">Abhinay Purty<br></p>
        
        <p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;text-transform:none">Associate Technical Support Engineer</span></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><a href="https://www.redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat India Pvt. Ltd.</a><br></p>
    <div style="margin-bottom:4px">
      
      
    </div>
    <p style="margin:0px;font-size:12px;font-family:RedHatText,sans-serif">
      
      
      
    </p>
    
    

    
      
        
          <a href="https://red.ht/sig" target="_blank"> <img src="https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.png" width="90" height="auto"></a></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Regards,<br></div>

        <p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:RedHatText,sans-serif">Abhinay Purty<br></p>
        
        <p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;text-transform:none">Associate Technical Support Engineer</span></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><a href="https://www.redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat India Pvt. Ltd.</a><br></p>
    <div style="margin-bottom:4px">
      
      
    </div>
    <p style="margin:0px;font-size:12px;font-family:RedHatText,sans-serif">
      
      
      
    </p>
    
    

    
      
        
          <a href="https://red.ht/sig" target="_blank"> <img src="https://static.redhat.com/libs/redhat/brand-assets/latest/corp/logo.png" width="90" height="auto"></a></div></div>