Bug
Resolution: Done
Normal
Pipelines 1.9.0, Pipelines 1.8.2
Pipelines Sprint 239, Pipelines Sprint 240, Pipelines Sprint 242
Description of problem:
Container scanning reports that the "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8" image is affected by https://access.redhat.com/errata/RHSA-2022:8638. This applies to both OpenShift Pipelines 1.8.2 and 1.9.
The following command shows that an affected version is shipped with the image:
$ oc rsh el-vote-app-7c88c5bc4f-mm7sx rpm -qa | grep krb5
krb5-libs-1.18.2-21.el8.x86_64
Prerequisites (if any, like setup, operators/versions):
OpenShift Pipelines 1.8.2 and OpenShift Pipelines 1.9
Steps to Reproduce
1. Install OpenShift Pipelines 1.8.2
2. Create an EventListener for any pipeline
3. Check which version of the `krb5-libs` image is included using the command `oc rsh <EVENTLISTENER-POD> rpm -qa | grep krb5`
Actual results:
$ oc rsh el-vote-app-7c88c5bc4f-mm7sx rpm -qa | grep krb5
krb5-libs-1.18.2-21.el8.x86_64
This package is affected by https://access.redhat.com/errata/RHSA-2022:8638.
Expected results:
A package version is returned that is not affected by https://access.redhat.com/errata/RHSA-2022:8638.
Reproducibility (Always/Intermittent/Only Once):
Always
Build Details:
-
Additional info (Such as Logs, Screenshots, etc):
Discussion on Slack: https://redhat-internal.slack.com/archives/CSPS1077U/p1675873521959929
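One way to turn the manual check from the reproduction steps into a pass/fail test, as an added example that is not part of the original report or of OpenShift Pipelines. The function names `vr_lt` and `check_krb5` are hypothetical, `MIN_VR` is a constructed placeholder to be replaced with the fixed build listed in the advisory, and GNU `sort -V` is assumed as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Flag krb5 packages in `rpm -qa` output that are older than a minimum
# version-release. Intended use against a live pod:
#   oc rsh <EVENTLISTENER-POD> rpm -qa | check_krb5 "$MIN_VR"

# Constructed placeholder, NOT the real fixed build: take it from the advisory.
MIN_VR="1.18.2-99.el8"

# vr_lt A B: succeed when version-release A sorts strictly before B.
# `sort -V` approximates RPM ordering; adequate for builds of the same stream.
vr_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_krb5 MIN_VR: read name-version-release.arch lines on stdin, print one
# verdict per krb5 package, return 1 if any package is older than MIN_VR.
check_krb5() {
    min_vr=$1
    rc=0
    cr=$(printf '\r')
    while IFS= read -r nvra || [ -n "$nvra" ]; do
        nvra=${nvra%"$cr"}          # `oc rsh` with a TTY emits CRLF line ends
        case $nvra in krb5-*) ;; *) continue ;; esac
        nvr=${nvra%.*}              # drop the architecture suffix
        release=${nvr##*-}
        rest=${nvr%-*}
        version=${rest##*-}
        name=${rest%-*}
        if vr_lt "$version-$release" "$min_vr"; then
            echo "AFFECTED $name $version-$release < $min_vr"
            rc=1
        else
            echo "OK $name $version-$release"
        fi
    done
    return $rc
}

# Constructed sample input: the krb5-libs line is the one quoted in the report,
# the bash line is invented to show that other packages are ignored.
SAMPLE='bash-4.4.20-4.el8_6.x86_64
krb5-libs-1.18.2-21.el8.x86_64'

printf '%s\n' "$SAMPLE" | check_krb5 "$MIN_VR" || true
```

The non-zero return status lets the same function gate a CI job or a post-upgrade verification once the operator ships a rebuilt image.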