Package: docker.io Version: 19.03.12+dfsg1-4 Severity: important File: /usr/share/docker.io/contrib/mkimage/debootstrap User: [email protected] Usertags: bullseye-security
The above script references /updates instead of -security for the
bullseye release and later. This means that images generated for
bullseye will be missing fixes for security issues. Probably this issue
should also get fixed in Debian buster and stretch too. I filed this
bug at severity important as I'm not sure how often this script is
used, please upgrade this bug report to severity serious if this script
is always used for generating Debian Docker images.
$ grep -C3 /updates /usr/share/docker.io/contrib/mkimage/debootstrap
case "$lsbDist" in
debian)
# updates and security!
if curl -o /dev/null -s --head --location --fail
"http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot
dpkg --print-architecture)/Packages.gz"; then
(
set -x
sed -i "
p;
s/ $suite / ${suite}-updates /
" "$rootfsDir/etc/apt/sources.list"
echo "deb http://security.debian.org
$suite/updates main" >> "$rootfsDir/etc/apt/sources.list"
)
fi
;;
$ wget
http://security.debian.org/dists/bullseye/updates/main/binary-amd64/Packages.gz
--2020-09-09 14:00:44--
http://security.debian.org/dists/bullseye/updates/main/binary-amd64/Packages.gz
Resolving security.debian.org (security.debian.org)... 151.101.128.204,
151.101.64.204, 151.101.192.204, ...
Connecting to security.debian.org (security.debian.org)|151.101.128.204|:80...
connected.
HTTP request sent, awaiting response... 404 Not Found
2020-09-09 14:00:44 ERROR 404: Not Found.
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
