
Vulnerability patch in singleuser-sample #3671

Open: wants to merge 1 commit into base: main

jupyterhub-bot
Collaborator

@jupyterhub-bot jupyterhub-bot commented May 19, 2025

A rebuild of quay.io/jupyterhub/k8s-singleuser-sample has been found to influence the detected vulnerabilities! This PR will trigger a rebuild because it has updated a comment in the Dockerfile.

About

This scan for known vulnerabilities has been made by aquasecurity/trivy. Trivy was configured to filter the vulnerabilities with the following settings:

  • ignore-unfixed: true

Before

Before trying to rebuild the image, the following vulnerabilities were detected in quay.io/jupyterhub/k8s-singleuser-sample:4.2.1-0.dev.git.7084.h2c1c71d9.

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |
| debian | CVE-2022-49043 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2023-39615 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2023-45322 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2024-25062 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2024-34459 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2024-56171 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2025-24928 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2025-27113 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2025-32414 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2025-32415 | libxml2 | 2.9.14+dfsg-1.3~deb12u1 | 2.9.14+dfsg-1.3~deb12u2 |
| debian | CVE-2025-5222 | libicu72 | 72.1-3 | 72.1-3+deb12u1 |

After

| Target | Vuln. ID | Package Name | Installed v. | Fixed v. |
| --- | --- | --- | --- | --- |

  • jupyterhub-bot added the image:rebuild-to-patch-vuln label (Image rebuild to patch a known external vulnerability), May 19, 2025
  • jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch 2 times, most recently from c6657f2 to 8002820, June 2, 2025 05:08
  • jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch from 8002820 to ad895e5, June 9, 2025 05:08
  • jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch from ad895e5 to 9b8f4cb, June 16, 2025 05:09
  • jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch from 9b8f4cb to 081622f, June 30, 2025 05:09
  • jupyterhub-bot force-pushed the vuln-scan-singleuser-sample branch from 081622f to 271e17b, July 1, 2025 08:08