alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!
MIT License

Zlib CVE (CVE-2022-37434) #276

Closed mehta-ankit closed 2 years ago

mehta-ankit commented 2 years ago

Zlib has a CVE on it: https://nvd.nist.gov/vuln/detail/CVE-2022-37434. Alpine 3.16 does pull in the vulnerable version.

Zlib has a fix: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d but has not made a new release: https://github.com/madler/zlib/issues/686. Once released we should update the version of zlib on alpine.

mehta-ankit commented 2 years ago

Looks like the apk package that gets installed on Alpine has been updated: https://git.alpinelinux.org/aports/commit/?id=3811d63f756f2a6786a29208975de6c64b2d79f3

Neustradamus commented 1 year ago

@madler has done the new build; 1.2.13 has been released with the CVE-2022-37434 fix.