The CVE status on https://ubuntu.com/security/CVE-2023-5156 for most Ubuntu distros is "Deferred"; however, according to https://git.launchpad.net/ubuntu-cve-tracker/tree/README#n352 - "Deferred" says the "package is vulnerable".
As a result of this vulnerable indicator, all Ubuntu (non-mantic) based container images are being reported as vulnerable on Docker Scout.
e.g.: top CVE on https://hub.docker.com/layers/library/mariadb/latest/images/sha256-7c58576f7e85def1dab9bf216d2de666c72e724aa4a7cf8c8cd5f1f0935827aa?context=explore
A "not-affected" classification would be more appropriate.