docker-alpine
curl vulnerability CVE-2022-32207
Alpine 3.16.x and 3.15.x currently provide packaging up to 7.83.1 for Curl. Curl 7.84.0 is currently in edge but most users and downstream users would need to wait till it gets dropped in stable to consume for all container applications.
https://nvd.nist.gov/vuln/detail/CVE-2022-32207 (Critical Severity, CVSS score 9.8)
It has been patched and is now available under version 7.83.1-r2.
See https://git.alpinelinux.org/aports/commit/main/curl/APKBUILD?h=3.16-stable&id=2e86f92d7cb5f151ccb937c8e63359e7d448de41
Thanks, I can see those patches there. I believe security scans may still key in on the version number, so ideally I would like to see 7.84.0 in 3.16.x if possible.
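The version-matching issue raised in this thread, as an added example (not part of the original issue and not Alpine's or any scanner's code): a scanner that compares only the upstream curl version flags the backported build 7.83.1-r2, while a comparison that includes the Alpine `-rN` revision does not. The function names are hypothetical, the parser is a simplification of apk's version rules, and 7.84.0 is assumed to be the upstream release carrying the fix.

```python
import re

# Values from the thread: Alpine's patched build and the upstream release.
ALPINE_FIXED = "7.83.1-r2"    # backported fix in 3.16-stable
UPSTREAM_FIXED = "7.84.0"     # assumed upstream fix release

# Simplified: real apk versions also allow letters and _suffixes (e.g. _rc1).
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

def parse_apk_version(v):
    """Split 'X.Y.Z-rN' into ((X, Y, Z), N); a missing -rN counts as 0."""
    m = _VER.match(v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    upstream = tuple(int(p) for p in m.group(1).split("."))
    revision = int(m.group(2)) if m.group(2) else 0
    return upstream, revision

def naive_is_vulnerable(installed):
    """Upstream-only comparison: the -rN package revision is ignored."""
    return parse_apk_version(installed)[0] < parse_apk_version(UPSTREAM_FIXED)[0]

def distro_aware_is_vulnerable(installed):
    """Compare (upstream, revision) against the distro's fixed-in build."""
    return parse_apk_version(installed) < parse_apk_version(ALPINE_FIXED)

def triage(installed):
    """Classify an installed curl package version for CVE-2022-32207."""
    naive = naive_is_vulnerable(installed)
    aware = distro_aware_is_vulnerable(installed)
    if naive and not aware:
        return "false-positive-likely"   # patched by backport, old upstream number
    return "vulnerable" if aware else "fixed"

if __name__ == "__main__":
    # Constructed sample inventory of installed curl package versions.
    for installed in ("7.83.1-r1", "7.83.1-r2", "7.84.0-r0"):
        print(f"curl {installed}: {triage(installed)}")
```
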