Closed david-yu closed 1 year ago
It has been patched and now available under version 7.83.1-r2
Thanks I can see those patches there. I believe security scans may still key in on the version number, so ideally would like to see 7.84.0 in 3.16.x if possible.
Alpine 3.16.x and 3.15.x currently provide packaging up to 7.83.1 for Curl. Curl 7.84.0 is currently in edge but most users and downstream users would need to wait till it gets dropped in stable to consume for all container applications.
https://nvd.nist.gov/vuln/detail/CVE-2022-32207 (Critical Severity, CVSS score 9.8)