You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@airflow.apache.org by Sahib Aulakh <sa...@liveearth.com> on 2023/03/01 15:10:03 UTC

Airflow 2.5.1 and CVE-2022-47629

NVD - CVE-2022-47629 (nist.gov)
<https://nvd.nist.gov/vuln/detail/CVE-2022-47629>

This issue is flagged by Twistlock scan. The following link:

Debian update for libksba (cybersecurity-help.cz)
<https://www.cybersecurity-help.cz/vdb/SB2022101807>

suggests that libksba should be updated to 1.5.0-3+deb11u1. Executing

apt list | grep -i ksba

results:
libksba8/now 1.5.0-3+deb11u2 amd64 [installed,local]

Should I conclude that CVE-2022-47629 does not apply to Airflow 2.5.1?

Thanks.