[scl.org] Queries regarding nodejs 12 image
Abhinay Purty
apurty at redhat.com
Wed Apr 1 05:41:57 UTC 2020
Thanks for the update @Honza Horak <hhorak at redhat.com>.
On Thu, Mar 26, 2020 at 7:18 PM Honza Horak <hhorak at redhat.com> wrote:
> Version nodejs v12.16.1 is already available in the container, the
> updated container was released few days back.
>
> Regards,
> Honza
>
> On 3/25/20 7:14 AM, Abhinay Purty wrote:
> > Hello,
> >
> > Any updates on the last 2 queries ?
> >
> > Thanks in advance.
> >
> > On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apurty at redhat.com
> > <mailto:apurty at redhat.com>> wrote:
> >
> > @ Petr, Thanks for the update and opening up a ticket for the
> > mentioned issue.
> >
> > On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pkubat at redhat.com
> > <mailto:pkubat at redhat.com>> wrote:
> >
> > Hi Abhinay,
> >
> > On 3/19/20 8:28 AM, Abhinay Purty wrote:
> >> Hello Team,
> >>
> >> IHAC with a few queries.
> >>
> >> 1. Does the following images contain the security fixes that
> >> is mentioned in
> >> '
> https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
> >> (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)? [*]
> >>
> https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
> >> [*]
> >>
> https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
> >> If I understand correctly, the latest version of those images
> >> are built before security fixes CVE-2019-15604[1],
> >> CVE-2019-15605[2], CVE-2019-15606[3] were released. [1]
> >> https://access.redhat.com/security/cve/CVE-2019-15604 [2]
> >> https://access.redhat.com/security/cve/CVE-2019-15605 [3]
> >> https://access.redhat.com/security/cve/CVE-2019-15606
> >
> > The released images seem to be affected by the CVEs mentioned,
> > but do not show up as such in the catalog. This is a problem and
> > I have opened up a ticket against container grading to check
> > what went wrong:
> >
> https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
> >
> > The CVEs will soon be fixed (I have checked fixed builds are
> > present) once the following advisory gets pushed:
> > https://errata.devel.redhat.com/advisory/52592
> >
> >
> >> 2. Is there any plans to release ubi8/nodejs-12 and
> >> rhel8/nodejs-12 s2i builder images that would include current
> >> LTS version of nodejs (12.16.1)? 3. Does the ubi8/nodejs-12
> >> and rhel8/nodejs-12 have vanilla installation of the nodejs
> >> runtime? Or is the nodejs runtime in those images Red Hat's
> >> own implementation of the nodejs runtime ?
> >
> > I will leave these two to be answered by nodejs maintainers
> > (added to CC).
> >
> > Petr
> >
> >>
> >>
> >> --
> >> Regards,
> >>
> >> Abhinay Purty
> >>
> >> Associate Technical Support Engineer
> >>
> >> Red Hat India Pvt. Ltd. <https://www.redhat.com>
> >>
> >> <https://red.ht/sig>
> >>
> >> _______________________________________________
> >> SCLorg mailing list
> >> SCLorg at redhat.com <mailto:SCLorg at redhat.com>
> >> https://www.redhat.com/mailman/listinfo/sclorg
> >
> >
> >
> > --
> > Regards,
> >
> > Abhinay Purty
> >
> > Associate Technical Support Engineer
> >
> > Red Hat India Pvt. Ltd. <https://www.redhat.com>
> >
> > <https://red.ht/sig>
> >
> >
> >
> > --
> > Regards,
> >
> > Abhinay Purty
> >
> > Associate Technical Support Engineer
> >
> > Red Hat India Pvt. Ltd. <https://www.redhat.com>
> >
> > <https://red.ht/sig>
> >
> > _______________________________________________
> > SCLorg mailing list
> > SCLorg at redhat.com
> > https://www.redhat.com/mailman/listinfo/sclorg
> >
>
>
--
Regards,
Abhinay Purty
Associate Technical Support Engineer
Red Hat India Pvt. Ltd. <https://www.redhat.com>
<https://red.ht/sig>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20200401/beec0e30/attachment.htm>
More information about the SCLorg
mailing list