False positive: CVE-2023-47100 (duplicate of CVE-2023-47038) in perl-5.36.2 #2137
Labels
bug
Something isn't working
changelog-ignore
Don't include this issue in the release changelog
false-positive
Comments
nielsaka
changed the title
|
Thanks, this should be addressed with the latest published grype database |
|
👍 Confirmed this morning that this is no longer showing up when scanning Here is the full list of |
westonsteimel
added
the
changelog-ignore
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happened:
Grype reports alpine perl-5.36.2-r0 being affected by critical CVE-2023-47100.
What you expected to happen:
No CVE. According to Ubuntu and Redhat, CVE-2023-47100 is a duplicate of CVE-2023-47038. The latter has been fixed in perl-5.36.2 see release notes of perl and secdb for alpine 3.17.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
I presume the same behaviour holds for the other perl versions perl-5.38.1 and perl-5.34.2 that were updated on 2023-11-25 see here.
perl-5.38.1a (2023-11-25T15:59:13)
perl-5.36.2a (2023-11-25T15:59:01)
perl-5.34.2a (2023-11-25T15:58:49)
perl-5.38.1 (2023-11-25T15:21:49)
perl-5.36.2 (2023-11-25T15:20:11)
perl-5.34.2 (2023-11-25T15:19:49)
Environment:
Output of
grype version:Application: grype
Version: 0.80.1
BuildDate: 2024-09-11T17:30:28Z
GitCommit: 9fb2194
GitDescription: v0.80.1
Platform: linux/amd64
GoVersion: go1.23.1
Compiler: gc
Syft Version: v1.12.2
Supported DB Schema: 5
OS (e.g:
cat /etc/os-releaseor similar):PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
The text was updated successfully, but these errors were encountered: