docker-alpine

curl vulnerability CVE-2022-32207

Open david-yu opened this issue 1 year ago • 2 comments

Alpine 3.16.x and 3.15.x currently provide packaging up to 7.83.1 for Curl. Curl 7.84.0 is currently in edge, but most users and downstream users would need to wait till it gets dropped in stable to consume it for all container applications.

https://nvd.nist.gov/vuln/detail/CVE-2022-32207 (Critical Severity, CVSS score 9.8)

david-yu, Jul 21 '22 16:07

It has been patched and is now available under version 7.83.1-r2.

See https://git.alpinelinux.org/aports/commit/main/curl/APKBUILD?h=3.16-stable&id=2e86f92d7cb5f151ccb937c8e63359e7d448de41

cartmanez, Jul 27 '22 14:07

Thanks, I can see those patches there. I believe security scans may still key in on the version number, so ideally I would like to see 7.84.0 in 3.16.x if possible.

david-yu, Jul 27 '22 20:07
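Added example, not part of the thread or of Alpine's tooling: a shell sketch of why a check keyed on the upstream version still flags the backported 7.83.1-r2 package, while a check against the distro's fixed revision does not. The function names and the sample version strings are constructed for illustration, and the comparison is a simplified stand-in for `apk version -t` that assumes versions of the form X.Y.Z-rN.

```shell
#!/bin/sh
DISTRO_FIXED="7.83.1-r2"   # backported fix on 3.16-stable, per the thread
UPSTREAM_FIXED="7.84.0"    # upstream curl release, currently in edge

# Compare two versions of the form X.Y.Z[-rN]; prints "<", "=" or ">".
# Simplified: numeric fields only, no _rc/_p suffixes (assumption).
ver_cmp() {
    va=$1 vb=$2
    case $va in *-r*) ra=${va##*-r}; va=${va%-r*} ;; *) ra=0 ;; esac
    case $vb in *-r*) rb=${vb##*-r}; vb=${vb%-r*} ;; *) rb=0 ;; esac
    # Walk the dotted fields left to right, then fall back to the revision.
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && { echo "<"; return; }
        [ "${x:-0}" -gt "${y:-0}" ] && { echo ">"; return; }
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    [ "$ra" -lt "$rb" ] && { echo "<"; return; }
    [ "$ra" -gt "$rb" ] && { echo ">"; return; }
    echo "="
}

# Check against the distro's fixed package revision (honours -rN).
distro_status() {
    case $(ver_cmp "$1" "$DISTRO_FIXED") in
        "<") echo "vulnerable" ;;
        *)   echo "patched" ;;
    esac
}

# What a scanner keyed on the upstream version sees: -rN is ignored.
naive_status() {
    case $(ver_cmp "${1%-r*}" "$UPSTREAM_FIXED") in
        "<") echo "vulnerable" ;;
        *)   echo "patched" ;;
    esac
}

# Constructed sample inputs: installed curl package versions.
for v in 7.83.1-r1 7.83.1-r2 7.84.0-r0; do
    echo "$v distro=$(distro_status "$v") upstream-only=$(naive_status "$v")"
done
```

On a real Alpine system, `apk version -t <installed> 7.83.1-r2` performs the comparison with full version semantics.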