On Wed, 29 Jan 2025 at 12:40, Rafał Lichwała <ra...@siliconet.pl> wrote:
> I've prepared some docker image based on Debian 12 (bookworm, fully
> updated) and after uploading it to local registry it has been automatically
> scanned for possible vulnerabilities.
> Then I was really surprised when discovered that according to this scan
> there are 139 security vulnerabilities and 2 of them are CRITICAL (!).

How does your "automatically scanned for possible vulnerabilities" actually work? Because Debian does backport security fixes, so simply checking the version number of the software does not indicate if the vulnerability has been fixed in Debian, or not.

See here for more info: https://www.debian.org/security/faq#version
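To illustrate the point above, here is an added example (not from either poster) contrasting an upstream-version-only check with one that reads the package's own Debian changelog, where a backported fix is recorded. The package name, versions, changelog text and the CVE id CVE-2099-0001 are all constructed placeholders, and the changelog is assumed to be the one shipped with the installed package (as in /usr/share/doc/<pkg>/changelog.Debian.gz), so every entry in it is at or below the installed version.

```python
import re

# Constructed changelog.Debian excerpt for a made-up package; the CVE id is a
# placeholder, not a real vulnerability.
CHANGELOG = """\
example-pkg (1.2.3-1+deb12u2) bookworm-security; urgency=high

  * Backport upstream fix for CVE-2099-0001 (parser crash).

 -- Maintainer <maint@example.org>  Tue, 28 Jan 2025 10:00:00 +0000

example-pkg (1.2.3-1) unstable; urgency=medium

  * New upstream release.

 -- Maintainer <maint@example.org>  Mon, 01 Jul 2024 10:00:00 +0000
"""

# Header line of a changelog entry: "<package> (<version>) <dist>; ..."
ENTRY_RE = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def split_version(version):
    """Split a Debian version into (upstream, debian_revision), dropping any epoch."""
    version = version.split(":", 1)[-1]
    upstream, sep, revision = version.rpartition("-")
    return (upstream, revision) if sep else (version, "")


def version_key(upstream):
    """Numeric tuple for comparing upstream versions (good enough for x.y.z)."""
    return tuple(int(n) for n in re.findall(r"\d+", upstream))


def naive_is_vulnerable(installed, fixed_upstream):
    """What a scanner does when it only compares upstream version numbers."""
    return version_key(split_version(installed)[0]) < version_key(fixed_upstream)


def changelog_fixes(changelog):
    """Map each changelog version to the set of CVE ids its entry mentions."""
    parts = ENTRY_RE.split(changelog)  # [preamble, pkg, ver, body, pkg, ver, body, ...]
    return {parts[i + 1]: set(CVE_RE.findall(parts[i + 2]))
            for i in range(1, len(parts), 3)}


def debian_is_vulnerable(installed, cve, changelog):
    """Vulnerable only if no entry in the installed package's changelog lists the CVE."""
    fixes = changelog_fixes(changelog)
    if installed not in fixes:
        raise ValueError("changelog does not belong to installed version " + installed)
    return not any(cve in cves for cves in fixes.values())
```

For a real package the same check can be run against the output of `apt-get changelog <pkg>` or the Debian security tracker, which is what the FAQ linked above points to.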