
Rebuild alpine image to fix some CVE #702

Closed
acmnu opened this issue Feb 21, 2022 · 5 comments

Comments

@acmnu

acmnu commented Feb 21, 2022

Currently we have a number of CVEs in expat-2.4.3, which is in the current python:3.10-alpine image.
It is already fixed in Alpine repo https://git.alpinelinux.org/aports/commit/?id=383d2d74ceae9ae1fd4d6d981d31b99c2ff804cf

# secfixes:
#   2.4.5-r0:
#     - CVE-2022-25235
#     - CVE-2022-25236
#     - CVE-2022-25313
#     - CVE-2022-25314
#     - CVE-2022-25315

So we just have to rebuild the python image to have the latest expat in it. Could you please do it?

@acmnu
Author

acmnu commented Feb 21, 2022

@kuhella it is about your issue.

@supreeth90

The python:3.10-alpine image also has the critical CVEs CVE-2022-23852 and CVE-2022-23990, which are fixed in a newer version of the expat library.

https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes

Please let us know when you rebuild it with the new expat version as well.

@yosifkit
Member

Same comment as #699 (comment). So, once the base image does an update, these images will be rebuilt.

@acmnu
Author

acmnu commented Feb 28, 2022

OK, I see you did this. I think the issue has been fixed:

:) > docker pull python:3.10-alpine
3.10-alpine: Pulling from library/python
59bf1c3509f3: Already exists 
07a400e93df3: Already exists 
64052ee245ef: Pull complete 
a44d093ad4a5: Pull complete 
f09a2cc82019: Pull complete 
Digest: sha256:a9865ba6472324621e81e1da5cbd02069d528215a4b49d49695eac693c10488a
Status: Downloaded newer image for python:3.10-alpine
docker.io/library/python:3.10-alpine
:) > docker run -it --rm python:3.10-alpine apk list expat
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/community: No such file or directory
expat-2.4.5-r0 x86_64 {expat} (MIT) [installed]

@kuhella Are we happy?

@yosifkit The issue was not related to the base Alpine image because it does not have expat inside. Expat is installed as a dependency of some Python lib, so you need to rebuild the python image more often than the original Alpine image.
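The thread above checks the fix by hand: read the `secfixes` block from the aports commit, then look at `apk list expat` inside the rebuilt image. The following added example (not code from this issue, the docker-library project, or Alpine) automates that comparison so it can sit in a CI step that runs after an image rebuild. It assumes the `secfixes` comment format and the `apk list` output format exactly as quoted in the thread, and uses a simplified Alpine version key (dotted numeric components plus the `-rN` release) which is sufficient for the expat versions discussed here; both sample inputs below are constructed from the text of this issue.

```python
import re

# Constructed sample: the secfixes block quoted from the aports commit.
SECFIXES = """# secfixes:
#   2.4.5-r0:
#     - CVE-2022-25235
#     - CVE-2022-25236
#     - CVE-2022-25313
#     - CVE-2022-25314
#     - CVE-2022-25315
"""

# Constructed sample: `apk list expat` output from inside the rebuilt image,
# including the repository warning line that apk prints without network access.
APK_LIST_OUTPUT = """WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory
expat-2.4.5-r0 x86_64 {expat} (MIT) [installed]
"""


def parse_secfixes(text):
    """Return {fixed_version: [CVE, ...]} from an APKBUILD secfixes comment block."""
    fixes = {}
    current = None
    for line in text.splitlines():
        body = line.lstrip("#").strip()
        if not body or body.startswith("secfixes"):
            continue
        version = re.match(r"^([\w.]+-r\d+):$", body)
        if version:
            current = version.group(1)
            fixes[current] = []
            continue
        cve = re.match(r"^-\s*(CVE-\d{4}-\d+)", body)
        if cve and current:
            fixes[current].append(cve.group(1))
    return fixes


def parse_apk_list(text, pkg):
    """Return the installed version of pkg from `apk list pkg` output, or None."""
    pattern = re.compile(rf"^{re.escape(pkg)}-(\S+)\s.*\[installed\]")
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            return m.group(1)
    return None


def version_key(ver):
    """Comparison key for versions like 2.4.5-r0 (assumed simplified Alpine scheme)."""
    base, _, rel = ver.partition("-r")
    return tuple(int(p) for p in re.findall(r"\d+", base)), int(rel or 0)


def unfixed_cves(installed, fixes):
    """CVEs whose fixing version is still newer than the installed version."""
    if installed is None:
        # Package absent: nothing to report, caller decides if that is expected.
        return []
    return sorted(
        cve
        for ver, cves in fixes.items()
        if version_key(ver) > version_key(installed)
        for cve in cves
    )


if __name__ == "__main__":
    fixes = parse_secfixes(SECFIXES)
    installed = parse_apk_list(APK_LIST_OUTPUT, "expat")
    print("installed expat:", installed)
    print("still unfixed:", unfixed_cves(installed, fixes))
```

In a pipeline the two sample strings would be replaced by the real APKBUILD header and by the captured output of `docker run --rm IMAGE apk list expat`; a non-empty list from `unfixed_cves` is the signal that the image still needs a rebuild, which is the situation the reporter describes for the pre-rebuild expat-2.4.3 image.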

@tianon
Member

tianon commented Mar 16, 2022

This will be fixed via docker-library/official-images#12055. 👍

@tianon tianon closed this as completed Mar 16, 2022