<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Jim,</p>
<p>As was already said, the CVE fix has already shipped (I guess your
mail was stuck in some moderation queue?) and the image was rebuilt to
incorporate the fix.<br>
So just for the record - the grade of the image only gets dropped
when the CVE is actually fixed in the specific RHEL or RHSCL
version and will drop lower the longer it takes to rebuild the
image to add the CVE fix in. If there is a known vulnerability but
the fix for it is not yet shipped, then the images will stay in
grade A.</p>
<p>HTH,<br>
Petr<br>
</p>
<div class="moz-cite-prefix">On 2/8/21 10:08 PM, Jim Knochelmann
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OFE248D44F.924591CB-ON00258676.00727DDA-00258676.0074183D@notes.na.collabserv.com">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica, sans-serif;font-size:10pt">
<div dir="ltr"> </div>
<div dir="ltr">Hello,</div>
<div dir="ltr"> </div>
<div dir="ltr">I am interested in a version bump to image <a
href="https://catalog.redhat.com/software/containers/ubi8/nodejs-14/5ed7887dd70cc50e69c2fabb"
moz-do-not-send="true">https://catalog.redhat.com/software/containers/ubi8/nodejs-14/5ed7887dd70cc50e69c2fabb</a>
. </div>
<div dir="ltr"> </div>
<div dir="ltr">There seems to be a discrepancy between the
"security" tab, which is reporting a health index of "A" with
no problems, and Red Hat's security info for nodejs 14 on RHEL
8: <a
href="https://access.redhat.com/security/cve/CVE-2020-8277"
moz-do-not-send="true">https://access.redhat.com/security/cve/CVE-2020-8277</a>
which shows that CVE-2020-8277 has not yet been fixed. Is
CVE-2020-8277 a security concern? It is possible that I am
just interpreting the reports incorrectly. </div>
<div dir="ltr"> </div>
<div dir="ltr">If you are available on IBM slack, I am up at
@JimKnochelmann .</div>
<div dir="ltr"> </div>
<div dir="ltr">Thank you,</div>
<div dir="ltr"> </div>
<div dir="ltr"><b>Jim Knochelmann</b><br>
Software Engineer<br>
IBM Watson - Natural Language Understanding<br>
+1 (720) 515-4454<br>
<a class="moz-txt-link-abbreviated" href="mailto:jim.knochelmann@ibm.com">jim.knochelmann@ibm.com</a></div>
</div>
</blockquote>
</body>
</html>