I doubt that it is a big attack vector despite the 'High' severity [1] but will would be nice to get an updated image (and then see it trickle down into projects like jwilder's nginx-proxy)
From the advisory [2]:
If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
[1] https://twitter.com/iamamoose/status/1336333739345944578
For the Debian based images, there is a fix in Buster (and Sid, apparently): https://security-tracker.debian.org/tracker/CVE-2020-1971. The Debian base images were updated 22 days ago (https://github.com/docker-library/official-images/pull/9106) and we try to update them at least every 30 days. But since there was a Debian release this last weekend, and with this "high" openssl CVE, we will likely be pushing new base images this week (if/once stretch gets a fix) and we will rebuild all dependent official-images, like nginx and so this will be fixed then.
I think it's all rebuilt & great folks at docker library had pushed newer 1.19.6-based images with those fixes as well.
Most helpful comment
For the Debian based images, there is a fix in Buster (and Sid, apparently): https://security-tracker.debian.org/tracker/CVE-2020-1971. The Debian base images were updated 22 days ago (https://github.com/docker-library/official-images/pull/9106) and we try to update them at least every 30 days. But since there was a Debian release this last weekend, and with this "high"
opensslCVE, we will likely be pushing new base images this week (if/oncestretchgets a fix) and we will rebuild all dependent official-images, likenginxand so this will be fixed then.