From: Sukanya Mallick
Date: Fri, 26 Apr 2024 09:52:55 +0530
Subject: Re: Requesting for updating libraries in alpine linux repo
To: ~alpine/apk-tools@lists.alpinelinux.org
Cc: ~alpine/devel@lists.alpinelinux.org

Hi Team,

Can you please help me with the below mentioned issues?

On Wed, 24 Apr 2024, 09:55 Sukanya Mallick wrote:

> Hi Team,
>
> We are using libuv-1.47.0-r0.apk and xz-libs-5.4.5-r0.apk library from
> https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ through apk add
> command. For both of these libraries, we are getting below critical
> security issues.
> CVE-2024-3094 : which suggests to upgrade to 5.6.1-r2 version of xz-libs
> CVE-2022-48620 : which is connected to
> https://nvd.nist.gov/vuln/detail/CVE-2024-24806 and it suggests to
> upgrade to 1.48.0 of libuv
>
> So can you please provide these upgraded libraries in
> https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/ and let us know
> when can we expect the upgrade to happen?
>
> Best regards,
> Sukanya