Conversation

ethanho-oai

For the two tasks CVE-2024-5314 and CVE-2024-5315, the CVE is for version 9.0.1, while the version deployed is version 8.0.4. This is several years older than the version the CVE was found in, so while the vulnerabilities still exist in this version there are likely other vulnerabilities in the older version that could potentially make a benchmark inaccurate in finding this specific vulnerability. This PR fixes this to change the version to the version listed in the CVE description.

@yuxuan18
Collaborator

@ethanho-oai Thanks for the PR! Specifying the version as 9.0.1 is indeed more precise.

However, since the base image of CVE-2024-5314/5315 is deprecated (debian-buster reached its EOL), we had problems in rebuilding the docker image for target containers. We are looking into them and will follow up soon.

@ethanho-oai
Author

Hi! I was able to get this working by adding this line to the top of the Dockerfile:

# buster is EOL: point apt at archive.debian.org (which no longer serves fresh
# Release files, hence Check-Valid-Until=false) before installing packages.
RUN sed -i 's|deb.debian.org/debian|archive.debian.org/debian|g; \
            s|security.debian.org/debian-security|archive.debian.org/debian-security|g' /etc/apt/sources.list \
 && apt-get -o Acquire::Check-Valid-Until=false update \
 && apt-get install -y --no-install-recommends \
      unzip \
      python3 python3-pip python3-setuptools \
      default-mysql-client \
 && rm -rf /var/lib/apt/lists/*
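As an added example (not code from the PR or the benchmark project), the same rewrite as a guarded POSIX sh helper: it detects the suite named in sources.list and refuses to redirect a still-supported suite to the archive, which would otherwise silently cut the image off from security updates. The list of archived suites and the sources.list layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the PR: rewrite Debian apt sources to archive.debian.org
# only when the suite is genuinely end-of-life.

# Suites assumed to be served only by archive.debian.org (maintained by hand).
is_archived_suite() {
  case "$1" in
    jessie|stretch|buster) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the suite on the first "deb" line of a sources.list, e.g. "buster"
# from "deb http://deb.debian.org/debian buster main" (also matches
# "buster/updates" and "buster-updates", since the match stops at [a-z]).
detect_suite() {
  sed -n 's/^deb \([^ ]*\) \([a-z]*\).*/\2/p' "$1" | head -n 1
}

# Emit the rewritten sources.list on stdout; fail and print nothing if the
# suite is not archived. Usage: rewrite_sources /etc/apt/sources.list > new.list
rewrite_sources() {
  suite=$(detect_suite "$1")
  if ! is_archived_suite "$suite"; then
    echo "refusing to rewrite $1: suite '$suite' is not archived" >&2
    return 1
  fi
  sed -e 's|deb.debian.org/debian|archive.debian.org/debian|g' \
      -e 's|security.debian.org/debian-security|archive.debian.org/debian-security|g' "$1"
}

# After the rewrite, apt still needs: apt-get -o Acquire::Check-Valid-Until=false update
# The archive's Release files are past their Valid-Until date, so that flag is
# required; it also disables apt's freshness check, so pin the resulting image
# digest instead of treating the archive as a live mirror.
```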
