CVE-2022-1304 vulnerability in docker image

[p-l-l]

Recently detected this vulnerability on image mcr.microsoft.com/dotnet/aspnet:6.0

Introduced by:
e2fsprogs/libss2@1.46.2-2
e2fsprogs/libext2fs2@1.46.2-2
krb5/libgssapi-krb5-2@1.18.3-6+deb11u1

Just wanted to let you know, thanks for any feedback if there are plans on fixing this

[mthalman]

It doesn't look like there's even a fix available at this time for Debian. From https://security-tracker.debian.org/tracker/CVE-2022-1304:

Even if there was a fix available, it's the base image, debian:bullseye-slim, that contains this package. So we need to wait until it's available in that image. Once it's fixed there, it'll naturally flow to the .NET images that depend on that base image as part of our auto-rebuilding workflow.