Vulnerabilities in libreoffice dependent packages(CVE-2021-28153, CVE-2020-35492)
Recently our security scanner found following two vulnerabilties
| Package | CVE | Severity |
|---|---|---|
| glib v2.66.7-r1 | CVE-2021-28153 | medium |
| cairo-gobject cairo v1.16.0-r2 | CVE-2020-35492 | high |
We are using alpine v3.13 and these packages were installed as part of libreoffice-6.4.6.2-r2 installation.
Looks like these vulnerabilities were already fixed in the respective packages. https://gitlab.gnome.org/GNOME/glib/-/issues/2325 https://gitlab.freedesktop.org/cairo/cairo/-/issues/437
Could someone please look into this?
Edited by hemanthreddyk