Package: cloud.debian.org
Version: N/A
X-Debbugs-CC: [email protected], [email protected]

Hi,

This month, we identified that ten Debian official base images published on Docker Hub still contained one of the xz-utils backdoors (CVE-2024-3094). Could you please remove these images from Docker Hub?

Affected Image Tags & Manifest Digests:
- rc-buggy-20240311 (a702c7f4bb57a17762e258871f45f8273ae49bec5515452d5133e66450c95ba5)
- experimental-20240311 (81992d9d8eb99b5cde98ba557a38a171e047b222a767dc7ec0ffe0a194b1c469)
- unstable-20240311-slim (7a3332fbf100a0ef9762ead20a4224665768b237c5bfedfe0f86bf88e0c13b7a)
- unstable-20240311 (8690225da3ca369e9be720446f73e0aa06f290776fdf2605b6ec80c2b229b9f6)
- trixie-20240311-slim (d4e306f14b8b7389b36be8fb0eadab638cb7744546a33a74f0fc27bb9037dc14)
- trixie-20240311 (85068c773f7fcc9c9acd8f244759cb2131e7a1775c5bf8d6710f76e7467fa3f1)
- testing-20240311-slim (c2e15dd5788b20f360ab3f2d8b60111b6e8b011c5c4960e0129551c743f5cd30)
- testing-20240311 (0746d89c588160d0470beaae7a55e38305ede06cb5717d132bd6a795610234d8)
- sid-20240311-slim (94596b0770714bac6e8adef7e1d3dbc16245ad2978f94006587e44850343cb88)
- sid-20240311 (0aff2113f50451631f0f8c22d85c97aad855d73545b6018fcbe9f0a78ae26583)

All images contain the same backdoor sample:
https://www.virustotal.com/gui/file/319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae

Thanks,
Takahiro
