[scl.org] ubi8/nodejs14 update request
Petr Kubat
pkubat at redhat.com
Wed May 12 10:30:23 UTC 2021
Hi Jim,
as was already said, the CVE fix already shipped (I guess your mail was
stuck in some moderation queue?) and the image rebuilt to incorporate
the fix.
So just for the record - the grade of the image only gets dropped when
the CVE is actually fixed in the specific RHEL or RHSCL version and will
drop lower the longer it takes to rebuild the image to add the CVE fix
in. If there is a known vulnerability but the fix for it is not yet
shipped, then the images will stay in grade A.
HTH,
Petr
On 2/8/21 10:08 PM, Jim Knochelmann wrote:
> Hello,
> I am interested in a version bump to image
> https://catalog.redhat.com/software/containers/ubi8/nodejs-14/5ed7887dd70cc50e69c2fabb.
> There seems to be a discrepancy between the "security" tab, which is
> reporting a health index of "A" with no problems, and Red Hat's
> security info for nodejs 14 on RHEL 8:
> https://access.redhat.com/security/cve/CVE-2020-8277 which shows
> that CVE-2020-8277 has not yet been fixed. Is CVE-2020-8277 a
> security concern? It is possible that I am just interpreting the
> reports incorrectly.
> If you are available on IBM Slack, I am up at @JimKnochelmann.
> Thank you,
> Jim Knochelmann
> Software Engineer
> IBM Watson - Natural Language Understanding
> +1 (720) 515-4454
> jim.knochelmann at ibm.com