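--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,73 @@
+# Unfixable LOW severity Debian packages - no upstream fix available
+# Last audited: 2026-01-12
+# These CVEs are acknowledged but cannot be remediated until Debian provides upstream fixes
+
+# tar - no Debian fix
+CVE-2025-45582
+CVE-2005-2541
+
+# glibc - core library, wontfix
+CVE-2019-9192
+CVE-2019-1010025
+CVE-2019-1010024
+CVE-2019-1010023
+CVE-2019-1010022
+CVE-2018-20796
+CVE-2010-4756
+
+# openldap - no fix
+CVE-2026-22185
+CVE-2020-15719
+CVE-2017-17740
+CVE-2017-14159
+CVE-2015-3276
+
+# systemd - no fix
+CVE-2023-31439
+CVE-2023-31438
+CVE-2023-31437
+CVE-2013-4392
+
+# sqlite3 - no fix
+CVE-2025-52099
+CVE-2025-29088
+CVE-2021-45346
+
+# krb5 - no fix
+CVE-2024-26461
+CVE-2024-26458
+CVE-2018-5709
+
+# coreutils - no fix
+CVE-2025-5278
+CVE-2017-18018
+
+# libgcrypt20 - no fix
+CVE-2024-2236
+CVE-2018-6829
+
+# openssl - no fix
+CVE-2025-27587
+CVE-2010-0928
+
+# perl - no fix
+CVE-2023-31486
+CVE-2011-4116
+
+# net-tools - no fix
+CVE-2002-1976
+
+# iputils - no fix
+CVE-2025-47268
+
+# gnutls28 - no fix
+CVE-2011-3389
+
+# util-linux - no fix
+CVE-2022-0563
+
+# apt - no fix
+CVE-2011-3374
+
+# gcc-12 - no fix
+CVE-2022-27943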
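Review bot: The suppressions are keyed on CVE id alone, with no package version or Debian tracker reference per entry, so once the base image moves to a release where Debian does ship a fix the entry keeps silencing the finding, and the single `# Last audited: 2026-01-12` stamp gives no per-entry way to see which ones are due for re-checking. Several ids are very recent relative to that audit date (`CVE-2026-22185`, `CVE-2025-52099`, `CVE-2025-47268`), and "no fix" for a freshly published CVE is more likely a temporary state than a wontfix. I would annotate each group with the installed package version the decision was made against and the tracker status, e.g. `# openldap (version as audited: <VERSION>) - tracker status: <STATUS>, re-audit by: <DATE>`, and separate the permanent wontfix entries (the glibc group is already labelled that way) from those merely awaiting a fix. The format (one id per line, `#` comments) looks like a scanner ignore file, presumably Trivy's `.trivyignore`; if so, a scheduled re-audit job in CI would surface entries that have become fixable.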
Original file line number Diff line number Diff line change @@ -32,10 +32,12 @@ RUN groupadd -r app && useradd -r -g app -u 1000 app
3232
3333# Install runtime system dependencies
3434# Removed dnsutils to fix CVE-2025-40777 (bind9 vulnerability)
35+ # Security: Upgrade pam (CVE-2025-6020) and gnupg2 (CVE-2025-68973) to latest patched versions
3536RUN apt-get update && apt-get install -y \
3637 libpq-dev \
3738 iputils-ping \
3839 net-tools \
40+ && apt-get upgrade -y libpam-modules libpam-runtime libpam0g gnupg gpg \
3941 && rm -rf /var/lib/apt/lists/* \
4042 && apt-get clean
4143
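Review bot: The added `apt-get upgrade -y libpam-modules libpam-runtime libpam0g gnupg gpg` on new line 40 carries no version floor, so the build cannot tell whether the versions fixing CVE-2025-6020 and CVE-2025-68973 were actually installed — it succeeds just the same if the mirror still serves the vulnerable ones, and the comment on line 35 then overstates what the layer guarantees. The unambiguous form for upgrading named packages is `apt-get install -y --only-upgrade libpam-modules libpam-runtime libpam0g gnupg gpg` (passing package names to `upgrade` depends on the apt version accepting them), and a post-install `dpkg --compare-versions` check against the fixed versions would make the fix verifiable rather than assumed. Rebasing onto a newer base image tag is the durable fix, since per-package upgrades accumulate as further advisories land and each one re-widens the gap between the comment and the real image contents. The RUN instruction is fully inside the hunk, but the enclosing build stage starts above it.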
Original file line number Diff line number Diff line change @@ -16,9 +16,10 @@ dependencies = [
1616 " setuptools>=78.1.1" ,
1717 # Security: Force updated versions to fix CVEs (Dec 6, 2025 update)
1818 " starlette>=0.49.1" , # CVE-2025-62727, CVE-2025-54121
19- " urllib3>=2.6.0 " , # CVE-2025-66471, CVE-2025-66418 (FIXED: upgraded from 2.5.0 )
19+ " urllib3>=2.6.3 " , # CVE-2026-21441 (data amplification attack )
2020 " requests>=2.32.4" , # CVE-2024-47081
21- " aiohttp>=3.12.14" , # CVE-2025-53643
21+ " aiohttp>=3.13.3" , # CVE-2025-69223 + 7 security fixes
22+ " filelock>=3.20.1" , # CVE-2025-68146 (race condition fix)
2223]
2324license = " mit"
2425license-files = [" LICENSE" ]
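Review bot: `filelock>=3.20.1` on new line 22 enters the project's direct `dependencies` with nothing in the hunk showing that the project imports it; if it is only pulled in transitively, a lower bound here inflates the declared dependency set, and a constraints file or a regenerated lockfile is what actually pins the resolved version. The same holds for the urllib3 and aiohttp bumps — a `>=` floor only takes effect when the environment is re-resolved, and the fourth changed file is not visible in this view to confirm that a lock was regenerated alongside. The header comment on line 17, `# Security: Force updated versions to fix CVEs (Dec 6, 2025 update)`, is now stale for the entries added below it; I would change it to `# Security: Force updated versions to fix CVEs (last updated <DATE>)` with the date of this change. The `dependencies = [` array opens before the hunk.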