Closed pboushy closed 3 years ago
FYI: curl does not use any of the functions that were reported to have those OpenSSL flaws.
+1 to what @bagder said - also considering an interim release (to include support for http3) will address this there - thanks for letting us know!
It’d be awesome if things like trivy and other vulnerability scanners could be updated to detect that kind of stuff but unfortunately, they’re all based around what packages are installed. Thank you for replying so quickly.
This was addressed with Alpine 3.12.4 ... we are now on 3.12.7.
The currently published curl-docker:7.75.0 contains libcrypto and libssl 1.1.1i-r0 which is vulnerable to CVE-2021-23840. Can you please rebuild/publish the current code? Alpine updated their repos with libssl and libcrypto 1.1.1j-r0