[scl.org] Queries regarding nodejs 12 image

Abhinay Purty apurty at redhat.com
Wed Apr 1 05:41:57 UTC 2020


Thanks for the update @Honza Horak <hhorak at redhat.com>.

On Thu, Mar 26, 2020 at 7:18 PM Honza Horak <hhorak at redhat.com> wrote:

> Version nodejs v12.16.1 is already available in the container, the
> updated container was released few days back.
>
> Regards,
> Honza
>
> On 3/25/20 7:14 AM, Abhinay Purty wrote:
> > Hello,
> >
> > Any updates on the last 2 queries ?
> >
> > Thanks in advance.
> >
> > On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apurty at redhat.com
> > <mailto:apurty at redhat.com>> wrote:
> >
> >     @ Petr, Thanks for the update and opening up a ticket for the
> >     mentioned issue.
> >
> >     On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pkubat at redhat.com
> >     <mailto:pkubat at redhat.com>> wrote:
> >
> >         Hi Abhinay,
> >
> >         On 3/19/20 8:28 AM, Abhinay Purty wrote:
> >>         Hello Team,
> >>
> >>         IHAC with a few queries.
> >>
> >>         1. Does the following images contain the security fixes that
> >>         is mentioned in
> >>         '
> https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
> >>         (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)? [*]
> >>
> https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
> >>         [*]
> >>
> https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
> >>         If I understand correctly, the latest version of those images
> >>         are built before security fixes CVE-2019-15604[1],
> >>         CVE-2019-15605[2], CVE-2019-15606[3] were released. [1]
> >>         https://access.redhat.com/security/cve/CVE-2019-15604 [2]
> >>         https://access.redhat.com/security/cve/CVE-2019-15605 [3]
> >>         https://access.redhat.com/security/cve/CVE-2019-15606
> >
> >         The released images seem to be affected by the CVEs mentioned,
> >         but do not show up as such in the catalog. This is a problem and
> >         I have opened up a ticket against container grading to check
> >         what went wrong:
> >
> https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
> >
> >         The CVEs will soon be fixed (I have checked fixed builds are
> >         present) once the following advisory gets pushed:
> >         https://errata.devel.redhat.com/advisory/52592
> >
> >
> >>         2.  Is there any  plans to release ubi8/nodejs-12 and
> >>         rhel8/nodejs-12 s2i builder images that would include current
> >>         LTS version of nodejs (12.16.1)? 3. Does the ubi8/nodejs-12
> >>         and rhel8/nodejs-12 have vanilla installation of the nodejs
> >>         runtime? Or is the nodejs runtime in those images Red Hat's
> >>         own implementation of the nodejs runtime ?
> >
> >         I will leave these two to be answered by nodejs maintainers
> >         (added to CC).
> >
> >         Petr
> >
> >>
> >>
> >>         --
> >>         Regards,
> >>
> >>         Abhinay Purty
> >>
> >>         Associate Technical Support Engineer
> >>
> >>         Red Hat India Pvt. Ltd. <https://www.redhat.com>
> >>
> >>         <https://red.ht/sig>
> >>
> >>         _______________________________________________
> >>         SCLorg mailing list
> >>         SCLorg at redhat.com  <mailto:SCLorg at redhat.com>
> >>         https://www.redhat.com/mailman/listinfo/sclorg
> >
> >
> >
> >     --
> >     Regards,
> >
> >     Abhinay Purty
> >
> >     Associate Technical Support Engineer
> >
> >     Red Hat India Pvt. Ltd. <https://www.redhat.com>
> >
> >     <https://red.ht/sig>
> >
> >
> >
> > --
> > Regards,
> >
> > Abhinay Purty
> >
> > Associate Technical Support Engineer
> >
> > Red Hat India Pvt. Ltd. <https://www.redhat.com>
> >
> > <https://red.ht/sig>
> >
> > _______________________________________________
> > SCLorg mailing list
> > SCLorg at redhat.com
> > https://www.redhat.com/mailman/listinfo/sclorg
> >
>
>

-- 
Regards,

Abhinay Purty

Associate Technical Support Engineer

Red Hat India Pvt. Ltd. <https://www.redhat.com>

<https://red.ht/sig>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20200401/beec0e30/attachment.htm>


More information about the SCLorg mailing list