> I see no open bugs against `gosu` : > https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gosu , and > it needs to be confirmed that it's built against golang 1.17 > in `debian`. Not my expertise
gosu is built with golang-any and in Noble, that defaults to 1.22. I think golang-any should be patched for those vulnerabilities and therefore needs a no-change rebuild to fix all this. :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072883 Title: Docker scout reports critical and high vulnerabilities for Ubuntu docker images with installed gosu To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2072883/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
