<CA+VtT+tXERwyJg6GLC6bf9PmuSx10OKrSqVAL9v73qN80axDLQ@mail.gmail.com>Hi Team, We are using libuv-1.47.0-r0.apk and xz-libs-5.4.5-r0.apk library from https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ through apk add command. For both of these libraries, we are getting below critical security issues. CVE-2024-3094 : which suggests to upgrade to 5.6.1-r2 version of xz-libs CVE-2022-48620 : which is connected to https://nvd.nist.gov/vuln/detail/CVE-2024-24806 and it suggests to upgrade to 1.48.0 of libuv So can you please provide these upgraded libraries in https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ and let us know when can we expect the upgrade to happen? Best regards, Sukanya
<CA+VtT+u=hTJgYknFT0PHkA12Dvxiq0tfwr_moM8w3ozX0B3WRQ@mail.gmail.com>
<CA+VtT+tXERwyJg6GLC6bf9PmuSx10OKrSqVAL9v73qN80axDLQ@mail.gmail.com>
(view parent)
Hi Team, Can you please help me with the below mentioned issues? On Wed, 24 Apr 2024, 09:55 Sukanya Mallick, <sukanyamallick08@gmail.com> wrote: > Hi Team, > > We are using libuv-1.47.0-r0.apk and xz-libs-5.4.5-r0.apk library from > https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ through apk add > command. For both of these libraries, we are getting below critical > security issues. > CVE-2024-3094 : which suggests to upgrade to 5.6.1-r2 version of xz-libs > CVE-2022-48620 : which is connected to > https://nvd.nist.gov/vuln/detail/CVE-2024-24806 and it suggests to > upgrade to 1.48.0 of libuv > > So can you please provide these upgraded libraries in > https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ and let us know > when can we expect the upgrade to happen? > > Best regards, > Sukanya >