alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

curl vulnerability CVE-2022-32207 #267

Closed david-yu closed 1 year ago

david-yu commented 2 years ago

Alpine 3.16.x and 3.15.x currently provide packaging up to 7.83.1 for Curl. Curl 7.84.0 is currently in edge, but most users and downstream users would need to wait until it gets dropped into stable to consume it for all container applications.

https://nvd.nist.gov/vuln/detail/CVE-2022-32207 (Critical Severity, CVSS score 9.8)

cartmanez commented 2 years ago

It has been patched and is now available under version 7.83.1-r2.

See https://git.alpinelinux.org/aports/commit/main/curl/APKBUILD?h=3.16-stable&id=2e86f92d7cb5f151ccb937c8e63359e7d448de41

david-yu commented 2 years ago

Thanks, I can see those patches there. I believe security scans may still key in on the version number, so ideally I would like to see 7.84.0 in 3.16.x if possible.
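The last comment points at the gap between the upstream curl version and Alpine's backported fix in 7.83.1-r2. As an added example (not from this thread or the docker-alpine project), the following Python check resolves a package's patch status against an Alpine secdb-style secfixes entry, honouring the -rN pkgrel that a version-only scanner ignores; the secdb excerpt is constructed from what the thread states, and the version parser is a deliberate simplification of apk's comparison rules.

```python
import json
import re

# Constructed excerpt in the shape of Alpine's secdb JSON (package name ->
# fixed version -> CVEs fixed in that version). Only the entry discussed in
# this issue is included; the real data is published at secdb.alpinelinux.org.
SECDB_EXCERPT = json.loads("""{
  "packages": [
    {"pkg": {"name": "curl",
             "secfixes": {"7.83.1-r2": ["CVE-2022-32207"]}}}
  ]
}""")


def parse_apk_version(version):
    """Split '7.83.1-r2' into ((7, 83, 1), 2). Simplification: handles
    dotted numeric upstream versions plus an optional -rN pkgrel only."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported apk version: {version}")
    upstream = tuple(int(p) for p in m.group(1).split("."))
    pkgrel = int(m.group(2) or 0)
    return upstream, pkgrel


def is_fixed(pkg_name, installed, cve, secdb=SECDB_EXCERPT):
    """True if secdb lists `cve` as fixed at or below `installed`. The key
    '0' is Alpine's marker for 'package not affected' and counts as fixed."""
    for entry in secdb["packages"]:
        pkg = entry["pkg"]
        if pkg["name"] != pkg_name:
            continue
        for fixed_in, cves in pkg["secfixes"].items():
            if cve not in cves:
                continue
            if fixed_in == "0":
                return True
            if parse_apk_version(installed) >= parse_apk_version(fixed_in):
                return True
    return False


def upstream_only_flags(installed, upstream_fix):
    """What a scanner keyed on the upstream version alone concludes: it
    ignores the pkgrel and compares against the upstream fix release."""
    return parse_apk_version(installed)[0] < parse_apk_version(upstream_fix)[0]


if __name__ == "__main__":
    v = "7.83.1-r2"
    print("secdb says fixed:", is_fixed("curl", v, "CVE-2022-32207"))
    print("upstream-only scanner flags it:", upstream_only_flags(v, "7.84.0"))
```

Run against the package version reported by `apk info -v` in the image, the first check is the one to trust; the second reproduces the false positive described in the thread.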