[ubuntu-hardened] Question fix version of several MySQL CVEs
Christian Dupuis
christian.dupuis at docker.com
Tue Mar 7 09:36:09 UTC 2023
Hey, one of our customers is reporting some CVE false positives for the mysql-8.0 package on Ubuntu 20.04.
The CVEs in question have a fix version of 8.0.32-0buntu0.20.04.1 (notice the missing ‘u’ in ‘buntu’) which seems incorrect.
One of the CVEs is at https://ubuntu.com/security/CVE-2023-21881. What would be the procedure to get these fixed?
The following CVEs all have a similar fix version:
"CVE-2023-21863"
"CVE-2023-21877"
"CVE-2023-21880"
"CVE-2023-21876"
"CVE-2023-21873"
"CVE-2023-21869"
"CVE-2023-21887"
"CVE-2023-21879"
"CVE-2023-21878"
"CVE-2023-21836"
"CVE-2023-21868"
"CVE-2023-21871"
"CVE-2023-21867"
"CVE-2023-21870"
"CVE-2023-21883"
"CVE-2023-21882"
"CVE-2023-21875"
"CVE-2023-21881"
Regards,
Christian Dupuis
Docker
More information about the ubuntu-hardened
mailing list