CVE: Container images related to ptp-notification have one or more critical or high CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Andre Mauricio Zelak |
Bug Description
Brief Description
-----------------
The following images related to ptp-notification are old and have CVEs:
- docker.
- docker.
- docker.
They should be updated/rebuilt to pick up CVE fixes
Severity
--------
Major - CVE / vulnerability issues
Steps to Reproduce
------------------
CVE scan using 3rd party tool
Expected Behavior
------------------
No/limited CVEs are reported
Actual Behavior
----------------
Many CVEs are reported
Reproducibility
---------------
Reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
The above images are used in all recent stx main branch builds
Last Pass
---------
N/A
Timestamp/Logs
--------------
Not Required
Test Activity
-------------
CVE scan
Workaround
----------
None
Changed in starlingx: | |
importance: | Undecided → Medium |
description: | updated |
Changed in starlingx: | |
assignee: | nobody → Andre Mauricio Zelak (azelak) |
tags: | added: stx.9.0 stx.networking stx.security |
description: | updated |
tags: | added: stx.apps |
Fix proposed to branch: master /review. opendev. org/c/starlingx /ptp-notificati on-armada- app/+/907099
Review: https:/