Comment 2 for bug 2037516

Daniel Black (daniel-black) wrote :

The CVE status on https://ubuntu.com/security/CVE-2023-5156 for most Ubuntu distros is "Deferred"; however, according to https://git.launchpad.net/ubuntu-cve-tracker/tree/README#n352- "Deferred" says the "package is vulnerable".

As a result of this vulnerable indicator, all Ubuntu (non-mantic) based container images are being reported as vulnerable on Docker Scout.

e.g.: top CVE on https://hub.docker.com/layers/library/mariadb/latest/images/sha256-7c58576f7e85def1dab9bf216d2de666c72e724aa4a7cf8c8cd5f1f0935827aa?context=explore

A "not-affected" classification would be more appropriate.