Investigate unresolved backup image CVEs after remediation pass 1

## Overview

Track unresolved vulnerabilities that remain in `torrust/tracker-backup:local` after remediation pass 1 in issue #428.

## Context

A remediation attempt was applied (`apt-get upgrade -y` in base layer), but scan results stayed unchanged:

- Before: 6 HIGH, 0 CRITICAL
- After: 6 HIGH, 0 CRITICAL

## Goals

- Verify which remaining CVEs are currently unfixed in Debian 13.4 repos
- Determine if alternate package/version strategy can reduce findings without breaking backup behavior
- Document risk acceptance and monitoring plan for non-fixable items

## Acceptance Criteria

- [ ] Map remaining CVEs to fix availability in Debian tracker
- [ ] Evaluate practical mitigation options for backup container
- [ ] Document recommendation and next action
- [ ] Pre-commit checks pass: `./scripts/pre-commit.sh`

## Related

- Parent: #428
- Epic: #250


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Investigate unresolved backup image CVEs after remediation pass 1 #431

Overview

Context

Goals

Acceptance Criteria

Related

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Investigate unresolved backup image CVEs after remediation pass 1 #431

Description

Overview

Context

Goals

Acceptance Criteria

Related

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions