Hello, Can you please take a look at my query regarding CVE 2020-8174, as customer is pushing a lot to get the fix for this CVE in the latest version of node.js container image. Let me know if you need any more information from me so I can share it accordingly.
Thanks & Regards, Vaibhav Pagar TECHNICAL SUPPORT ENGINEER, Red Hat India Pvt. Ltd. <https://www.redhat.com> vpa...@redhat.com M: 7588040831 <http://redhatemailsignature-marketing.itos.redhat.com/> <https://red.ht/sig> @redhatnews <https://twitter.com/redhatnews> Red Hat <https://www.linkedin.com/company/red-hat> Red Hat <https://www.facebook.com/RedHatInc> On Thu, Jul 2, 2020 at 1:26 PM Vaibhav Pagar <vpa...@redhat.com> wrote: > Hello, > > I am Vaibhav Pagar and I am reaching out to you regarding query about the > container images of Node.js which you are maintaining. > One my customer is using below 2 container images which are affected by > the given CVE's > > ~~~ > 1] Image Node.js 10 > > > https://catalog.redhat.com/software/containers/ubi8/nodejs-10/5c839aa3d70cc51dd4c425d9?container-tabs=overview > > Affected by two CVE's :- > > > CVE-2020-13777 Fixed with >> RHSA-2020:2637 on 2020-06-22 > > CVE-2020-11080 Fixed with >> RHSA-2020:2755 on 2020-06-25 > > Both of the above CVE's are marked as important so their fix will be > released in container images soon as the actual fix for the package is > already released. > > > > 2] Image Node.js 12 > > > https://catalog.redhat.com/software/containers/ubi8/nodejs-12/5d3fff015a13461f5fb8635a?container-tabs=security > > Affected by two CVE's:- > > > CVE-2020-13777 Fixed with >> RHSA-2020:2637 on 2020-06-22 > > CVE-2020-11080 Fixed with >> RHSA-2020:2755 on 2020-06-25 > ~~~ > > I can see for both the CVE's the fix is already released for the affected > packages, so when can we expect the fix in Node.js container images? > Customers want to get this fix asap as the CVE is marked as important and > they said that it's affecting their deployments. > Can you please let me know any ETA for the fix? > > Thank you, > > Vaibhav Pagar > > TECHNICAL SUPPORT ENGINEER, > > Red Hat India Pvt. Ltd. <https://www.redhat.com> > > vpa...@redhat.com M: 7588040831 > <http://redhatemailsignature-marketing.itos.redhat.com/> > <https://red.ht/sig> > > @redhatnews <https://twitter.com/redhatnews> Red Hat > <https://www.linkedin.com/company/red-hat> Red Hat > <https://www.facebook.com/RedHatInc> >
_______________________________________________ SCLorg mailing list SCLorg@redhat.com https://www.redhat.com/mailman/listinfo/sclorg
