Issue 2551268: Clear grype reports of CVE-2022-3515 issues with gpg in docker container - Roundup tracker

classification

Title:	Clear grype reports of CVE-2022-3515 issues with gpg in docker container
Type:	security	Severity:	normal
Components:	Mail interface	Versions:

process

Status:	closed	Resolution:	rejected
Dependencies		Superseder:
Assigned To:	rouilj	Nosy List:	rouilj
Priority:		Keywords:

Created on 2023-03-04 21:51 by rouilj, last changed 2023-03-14 03:33 by rouilj.

Messages
msg7738	Author: [hidden] (rouilj)	Date: 2023-03-04 21:51
It looks like the library affected by the CVE was fixed by alpine. But the gpg toolchain linked with it was not rebuilt against the fixed statically linked library. Opened: https://gitlab.alpinelinux.org/alpine/aports/-/issues/14682
msg7742	Author: [hidden] (rouilj)	Date: 2023-03-14 03:33
False positive. Opened an issue with grype to fix. https://github.com/anchore/grype/issues/1158 Cleared the false positives.

History
Date	User	Action	Args
2023-03-14 03:33:08	rouilj	set	status: new -> closed resolution: remind -> rejected messages: + msg7742
2023-03-04 21:51:54	rouilj	set	resolution: remind
2023-03-04 21:51:45	rouilj	create