Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 350DF2202AB for <~alpine/apk-tools@lists.alpinelinux.org>; Wed, 24 Apr 2024 04:25:50 +0000 (UTC) Received: by mail-pg1-x52f.google.com with SMTP id 41be03b00d2f7-5dcc4076c13so379566a12.0 for <~alpine/apk-tools@lists.alpinelinux.org>; Tue, 23 Apr 2024 21:25:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713932747; x=1714537547; darn=lists.alpinelinux.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=AMg7wAKfG/Bs4YQ6l4at8/U5fjclMQStDFd1HBhoONA=; b=EHp6uZM37DT/LxYJQFFzkmTMsjYqEnz19IBqeBoETxhJPaiEoBVPmRwsPeNMHXQd7S molwG/VzmjQgyySXr1Ujnhje/83o4XD+TfzoEcZ9q9enHOmWMF0xglENLexP8Cj5lYjk JLvuyAvPDXcW/DXL712JEBu3WWUnYI+6mk7QlZFXIgHfWbs6J07a3fSrcYj/L8C0pWkq knGizziKYgSLEYnWD7GoEsc17sHunC6zvtFRwJbeAREFWZHlSegste7ELK0I3UKOgNSC Ca9IfzPxJs/qnVxTrBkCzrcdLviUQUpOkh1LLnnA758kMkagojE9iypNvhfLDhSDiNY8 8toA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713932747; x=1714537547; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=AMg7wAKfG/Bs4YQ6l4at8/U5fjclMQStDFd1HBhoONA=; b=QPj6WoFUIS9928iZVveyTk0k+TrN9w2pDDDmxGL6NAoqV3HK6rHvrn336Hm1pPO84W //TIbqwcUwLgq6cDh9w25k/qa93Mm/jkcCefnUOyQ3kdGV8q9eFFXHhby19nMwN/+kqN aZglpp9N8SSzE1hTcSBaEV7IDbLPgytqXjdU/wMUHtamXiNd1jJORJpcxMR0V+t66ydR 1H5X7cQBsRIf0ZHZZfQptqlwoHfCjcwAVXw05aZ3/MeZdK45tXXWwLRGFH6+KVzKtJZ3 +6+dxs39ajaC5pYR8ziI2C19stzmuMzMzAWCyv2sbDr5SvN+LustUrgwtpplvxk+9i36 aTLA== X-Gm-Message-State: AOJu0Yzfzwr6CMatfeTAKaqyx1rWeATnuRfKnLEbM11lm/wQrjD6ia7C a0ZED3xgDFZ1CGCVEC9dKq1WpaRLt8ncfEbFonIcLGhWWVxRBeV610ST19ZMq/VUzliehuzXdbF 6j0bij1avLMLEAIbJdS5g/C+7VHmkhg== X-Google-Smtp-Source: AGHT+IGI21CczXCtTAi+naOxKsdDZFbgymqdR6OJbN0t2ypHdJ+vTSHA0V5SOIqCm+PDqrbLOaMliUXdIcmQiUQGyCo= X-Received: by 2002:a17:90a:488a:b0:2aa:8130:e3eb with SMTP id b10-20020a17090a488a00b002aa8130e3ebmr6106328pjh.11.1713932746618; Tue, 23 Apr 2024 21:25:46 -0700 (PDT) MIME-Version: 1.0 From: Sukanya Mallick Date: Wed, 24 Apr 2024 09:55:33 +0530 Message-ID: Subject: Requesting for updating libraries in alpine linux repo To: ~alpine/apk-tools@lists.alpinelinux.org Content-Type: multipart/alternative; boundary="00000000000087ffcf0616d01033" --00000000000087ffcf0616d01033 Content-Type: text/plain; charset="UTF-8" Hi Team, We are using libuv-1.47.0-r0.apk and xz-libs-5.4.5-r0.apk library from https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ through apk add command. For both of these libraries, we are getting below critical security issues. CVE-2024-3094 : which suggests to upgrade to 5.6.1-r2 version of xz-libs CVE-2022-48620 : which is connected to https://nvd.nist.gov/vuln/detail/CVE-2024-24806 and it suggests to upgrade to 1.48.0 of libuv So can you please provide these upgraded libraries in https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ and let us know when can we expect the upgrade to happen? Best regards, Sukanya --00000000000087ffcf0616d01033 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Hi Team,

We = are using libuv-1.47.0-r0.apk and xz-libs-5.4.5-r0.apk library from https://dl-cd= n.alpinelinux.org/alpine/v3.19/main/x86_64/ through apk add command. Fo= r both of these libraries, we are getting below critical security issues.

CVE-2024-3094 : which suggests to upgrade to 5.6.1-r2= version of xz-libs

CVE-2022-48620 : which is connec= ted to https://= nvd.nist.gov/vuln/detail/CVE-2024-24806 and it suggests to upgrade to 1= .48.0 of libuv

So can yo= u please provide these upgraded libraries in https://dl-cdn.alpinelinux.org/alpin= e/v3.19/main/x86_64/ and let us know when can we expect the upgrade to = happen?

Best regards,

Sukanya

--00000000000087ffcf0616d01033--