[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] ubi8/nodejs14 update request



Hi Jim,

as was already said, the CVE fix already shipped (I guess your mail was stuck in some moderation queue?) and the image rebuilt to incorporate the fix.
So just for the record - the grade of the image only gets dropped when the CVE is actually fixed in the specific RHEL or RHSCL version and will drop lower the longer it takes to rebuild the image to add the CVE fix in. If there is a known vulnerability but the fix for it is not yet shipped, then the images will stay in grade A.

HTH,
Petr

On 2/8/21 10:08 PM, Jim Knochelmann wrote:
 
Hello,
 
I am interested in a version bump to image https://catalog.redhat.com/software/containers/ubi8/nodejs-14/5ed7887dd70cc50e69c2fabb  . 
 
There seems to be a discrepancy between the "security" tab, which is reporting a health index of "A" with no problems, and Red Hat's security info for nodejs 14 on RHEL 8: https://access.redhat.com/security/cve/CVE-2020-8277  which shows that CVE-2020-8277 has not yet been fixed.  Is CVE-2020-8277 a security concern?  It is possible that I am just interpreting the reports incorrectly.  
 
If you are available on IBM slack, I am up at @JimKnochelmann .
 
Thank you,
 
Jim Knochelmann
Software Engineer
IBM Watson - Natural Language Understanding
+1 (720) 515-4454
jim knochelmann ibm com


_______________________________________________
SCLorg mailing list
SCLorg redhat com
https://listman.redhat.com/mailman/listinfo/sclorg

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]