Skip to content

Remove uninstallation of imagemagick from debian #1652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
abdurriq merged 8 commits into from
Jan 29, 2026
Merged

Remove uninstallation of imagemagick from debian #1652

abdurriq merged 8 commits into from
Jan 29, 2026

Conversation

@jemsab
Copy link
Contributor

@jemsab jemsab commented Nov 20, 2025

The current version of the Rust Dockerfile removes the imagemagick package from the OCI image because of CVE CVE-2019-10131.

According to Debian's security tracker https://security-tracker.debian.org/tracker/CVE-2019-10131, the vulnerability has been fixed in all Debian versions referenced in the manifest file (bullseye, bookworm and trixie). This workaround is therefore no longer necessary.

Removing the workaround will also remove a layer from the generated OCI image reducing deployment size.

@jemsab
Remove uninstallation of imagemagick from debian
14b17f3 
The current version of the Rust Dockerfile removes the imagemagick package from the OCI image because of CVE CVE-2019-10131. 

According to Debian's security tracker https://security-tracker.debian.org/tracker/CVE-2019-10131, the vulnerability has been fixed in all Debian versions referenced in the manifest file (bullseye, bookworm and trixie). This workaround is therefore no longer necessary.

Removing the workaround will also remove a layer from the generated OCI image reducing deployment size.
@jemsab jemsab requested a review from a team as a code owner November 20, 2025 15:44
@Kaniska244 Kaniska244 requested a review from abdurriq January 23, 2026 13:17
@abdurriq
Copy link
Contributor

abdurriq commented Jan 23, 2026

Thank you for your contribution @jemsab. Please agree to the CLA and we can then merge your change.

@jemsab
Copy link
Contributor Author

jemsab commented Jan 23, 2026

@microsoft-github-policy-service agree

@abdurriq abdurriq merged commit 918e777 into devcontainers:main Jan 29, 2026
2 checks passed
@abdurriq abdurriq mentioned this pull request Jan 30, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abdurriq abdurriq abdurriq approved these changes

@Kaniska244 Kaniska244 Kaniska244 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jemsab @abdurriq @Kaniska244