Received: from eu-smtp-delivery-130.mimecast.com (eu-smtp-delivery-130.mimecast.com [185.58.85.130])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 108DE22328F
	for <~alpine/devel@lists.alpinelinux.org>; Mon,  3 Apr 2023 11:07:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proximity.fr;
	s=mimecast20220120; t=1680520068;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=nGtMEUOyovZTe9PwweLDUesNY8OE6pND/J4I4vdMMfU=;
	b=IRvN+rNxKp+qFLw5kvILBmmE51TC4tPqZJhJJq2ZMQ6Q/2PS4pWgGVm/TSA1m1hKil/uIq
	hdag/1XpfSX4qjRzniOuCZUgD6jPLTgUwbeQaTiPEzAhp2B/UOoB0lKZG1wk/mD0GdAmiQ
	+UdZwpm9JMsgzM/hnKec0lfTzkUWmJ0/jD0nbIHvM5jeF2cxRQ7EbcBRLsPxT5BrK1QGdB
	3socKk1ziRGgLkxxY8LRoC20gY8YKiA3As8twuiR/vp4lZS6DL3q+VtzzHj9TItDoWQgHr
	tuSw+ZTN3fa+kAR8my/b7ep8rkkWhOoXU2s2e9zZhhN+8qHp4hRXH5jqYh7npA==
Received: from NAM04-DM6-obe.outbound.protection.outlook.com
 (mail-dm6nam04lp2048.outbound.protection.outlook.com [104.47.73.48]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 uk-mta-6-5-KwC9sqO46XzbW-2F7qrA-1; Mon, 03 Apr 2023 12:07:46 +0100
X-MC-Unique: 5-KwC9sqO46XzbW-2F7qrA-1
Received: from SN1PR18MB2093.namprd18.prod.outlook.com (2603:10b6:802:30::19)
 by DM5PR18MB2229.namprd18.prod.outlook.com (2603:10b6:4:b9::24) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.28; Mon, 3 Apr
 2023 11:07:43 +0000
Received: from SN1PR18MB2093.namprd18.prod.outlook.com
 ([fe80::f2c7:8369:1774:8d7e]) by SN1PR18MB2093.namprd18.prod.outlook.com
 ([fe80::f2c7:8369:1774:8d7e%4]) with mapi id 15.20.6254.033; Mon, 3 Apr 2023
 11:07:43 +0000
From: "Haidar Deenmahomed (Proximity-Paris)" <haidar.deenmahomed@proximity.fr>
To: "~alpine/devel@lists.alpinelinux.org"
	<~alpine/devel@lists.alpinelinux.org>
CC: "Kavish Roseeawon (Proximity-Paris)" <kavish.roseeawon@proximity.fr>,
	"Alex Lacour (Proximity-Paris)" <alex.lacour@proximity.fr>, "Bonie Kathiana
 Coder (Proximity-Paris)" <bonie.coder@proximity.fr>, "Akshini Sibartie
 (Proximity-Paris)" <akshini.sibartie@proximity.fr>
Subject: RE: [Vulnerability] CVE-2023-0464
Thread-Topic: [Vulnerability] CVE-2023-0464
Thread-Index: AdlmHExIBOnKmT+nTmmK9CxBDngb5QAACjGw
Date: Mon, 3 Apr 2023 11:07:42 +0000
Message-ID: <SN1PR18MB2093CB3A135E5EDA9F61C7EDE1929@SN1PR18MB2093.namprd18.prod.outlook.com>
References: <SN1PR18MB20938EC944E7C2CF37FE1FB0E1929@SN1PR18MB2093.namprd18.prod.outlook.com>
In-Reply-To: <SN1PR18MB20938EC944E7C2CF37FE1FB0E1929@SN1PR18MB2093.namprd18.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SN1PR18MB2093:EE_|DM5PR18MB2229:EE_
x-ms-office365-filtering-correlation-id: 4951d5eb-4daf-4038-9844-08db3433a587
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: 6PGGEOfnMosnupycS2+8ZhYL4gzypPyeA9uRWZA1ANW5jtjKZEFG9NRfa23AwLYOxfMHkS8NLdtiBLxXOznk9aZyDPuoDAX0cReXhLbw9DbPHbBtoyP6WZxD7DQMyh/rpW4dRjSF/CmMwy1XyYWnoxD/1kb5iC5wE9w3L+0/3BsYokc+awbeGwhPGmdR4OJRlIA4jYhKnpz5D6rjA2Tlh14d27HA3hobxEaQjKPE0tmCcz2DHQSHX8eXCQT6aUrpKpg7A4ApQbo5o0avsC6q+4bybYzP7ErL1f18DsPEBRSY1jYxqYsB/vz9VkYDlZXFPlUN15SnNfZEQRtLdRIMvsvXitoH2caOUcpJWqs9Rh2tpnUs6dtR0MT6a9YX0mxIva7kNAgelSqlepWmA9atNuRQTmk8QJg9zoEH/rPM17ySsyHBBGskMawQVEA3vUy0DQVXDctDoa4kZWmh392ENQccyYF/ho94Q1VVdKKmOvRmRvup4EYKYMLeXlXtVGORp3IVMnJ1aq4G5DaIxvo7F47mOSynFlGfEu6c0AffuOgq39vewxajPQgS1ygthO8vLAkSk+2f2kmR5CZOO/e3xs7HXzuUonf35q8iMdqRb5iFvODcHQplxn1tl9C81OEsTSS1Hg5qIIZNiQTyuzFRgQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN1PR18MB2093.namprd18.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(376002)(346002)(39860400002)(136003)(396003)(366004)(451199021)(38070700005)(2906002)(5660300002)(8676002)(8936002)(82960400001)(122000001)(41300700001)(38100700002)(52536014)(33656002)(55016003)(86362001)(6506007)(7696005)(71200400001)(26005)(9686003)(107886003)(54906003)(478600001)(83380400001)(2940100002)(186003)(76116006)(66946007)(66556008)(66446008)(4326008)(66476007)(64756008)(316002)(454784003);DIR:OUT;SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?bOtPeeA4Ua+H5AI6R6zimGipXRlWRwt3fQ9IeENa0U6v+mb0fjPNYMXNC3my?=
 =?us-ascii?Q?8laDa57AHZ6f/YfkbkU+JPF9ia39uq2n8hIloYWlbIes9h5tHQoc5xiBOnJY?=
 =?us-ascii?Q?6RMa1oL0SAthZJqlw0z7BnzzPgRyDNgEbY5kLuIMj7GI6BOyRi2FQrrWurui?=
 =?us-ascii?Q?H4LbH4WBtq4owrihEdp3Lh/ejhSZdzbNq+JAeaFE3RCt3pUcorsbpqfO2ouh?=
 =?us-ascii?Q?Cf4U1c+TtOtpGojSJrYpekMxr4iPfHubKy9eoYss9s0j2fWMO/gt+4rbk3KL?=
 =?us-ascii?Q?Duo81AC5QzEOQ6mcTdjjNFJXs4STI2Ry56JTJLbc47H4uR0dwhpOqldpnjmO?=
 =?us-ascii?Q?74/EuetaIjKC6Zmv2CkAuPIlyFAZFcuJH3nKI8ZHaYJ+LWhvNfCqHWUN25rI?=
 =?us-ascii?Q?+6G0AjLmbQRE92D+7ZfA5hAwftzXzyIIrCcfDJz+v/BsVl2ey81nIk3HGBAr?=
 =?us-ascii?Q?BNXN7/T/XQs8RAjLSpH4/Tcaet5CTdje1LdISNoYz7qy+yS/OU0llDtHxsxo?=
 =?us-ascii?Q?UGM10Z4MhBne3fzs4V/58lG2JWWE/Kkp+qH5Qmhz1bU9CQA8Nq0vDxDw1/ZJ?=
 =?us-ascii?Q?+5fZedmiG7/0mjCz02nZELIgM34l5rAQlakvQmafhA76obffLHRfzo3hAfbx?=
 =?us-ascii?Q?85IIV9fbjdWlb8BNsDT7CYRTto2kfxZkhF+Pfq6H+KSSv+NRYRAlshcYXcEy?=
 =?us-ascii?Q?12LC8XHFf7+yYW3ZCSqmvHCtP5XxO/L+Ge5Y5qShu8pwJRjkuykjg00PzYox?=
 =?us-ascii?Q?Igyivd5clabyF3BlTT9rHNpRAFIyPyUZBqELZ3/5RvGE0PDsKSPKfQT/GHM5?=
 =?us-ascii?Q?QKwA/WFKF2JBSYghC+JOz8qsfVe2o/Dpuek/er86TykQ0xRogTXFn81RoKBw?=
 =?us-ascii?Q?0HfoXc/p0/+ZTL2mVlpv18EpJLytW6OIDqFQgqFYU7NbJip0RfHyorInr+6o?=
 =?us-ascii?Q?19M5UNyjfwJ+qSTyrAp9PKq/RofaK9OTQ3wPbXHCJtfFB5wXHluzqBe3JndM?=
 =?us-ascii?Q?mUmv9XD/lInoCowPhkbf64KKEV0MCMAHIT927Ua88msIWPK3l9+qoIfkYpb+?=
 =?us-ascii?Q?l3xkV28C9wywwj8XpgavOpWy75zyayrG+4TwNiiIh5sQc0yybtv6yxBNvkKr?=
 =?us-ascii?Q?PaLnu8imqkvtlaKJXBAMbT3koArz30lWOBs7SS8oBOrfd0qwyaXf85ELtx9h?=
 =?us-ascii?Q?h91znjMxvCbjiJO0RAMAI7f8dEOA8EUZMKYpQ6Qs0tFBdBCRA5Dr1KL5ybYI?=
 =?us-ascii?Q?3uGW/GNyPvsWBZoG4SMacxCMPyHkmR9xExnwyErNBzzyLUzRuSsnyaOpYqk7?=
 =?us-ascii?Q?AQ47dQ5A6DsPT0kt6LtJBXP78ZOdxmTPlHVAjqib4MVa+wt7w1Dl11iF2mIP?=
 =?us-ascii?Q?lEjmzrJEMpxeUczsDGY8nOJrMweRYJZJBEz8wvR3+s7JZ5mSxMuVwpWd+0WZ?=
 =?us-ascii?Q?HwpdNnLWw7Bq7UEwJXDKLqi47Atukey37Z23S0rWSeAVFty9G7ENw3yTTQsq?=
 =?us-ascii?Q?OF5/VTE/E+DxKiWvfI2228ZGBDdrq4KT+fF3i9bzuZ3E1C2U5pBZODu/ZbmF?=
 =?us-ascii?Q?pSvuv/geN+g8h4F05rVf2gQjxw21pbsyVkHKzgBdFqQzeIf5dL9ibwReBrVB?=
 =?us-ascii?Q?LQ=3D=3D?=
MIME-Version: 1.0
X-OriginatorOrg: proximity.fr
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN1PR18MB2093.namprd18.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4951d5eb-4daf-4038-9844-08db3433a587
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2023 11:07:42.8117
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eb501a-f671-4ce0-a5bf-b64168c3705f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pcgmGttiMBl+5QxmPevqd8ihTgVhAAaFRFFh+T8DejBH8UJZD5TtPETtciCY0Z0XIpdXmBNr5zgktQ46J2YoT45DZSy0nH7DZY5dWnZ4NN4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR18MB2229
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: proximity.fr
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_SN1PR18MB2093CB3A135E5EDA9F61C7EDE1929SN1PR18MB2093namp_"

--_000_SN1PR18MB2093CB3A135E5EDA9F61C7EDE1929SN1PR18MB2093namp_
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable


Hello,

I am writing to bring to your attention a security vulnerability that was i=
dentified while running Jfrog Scan on a docker image based on Alpine 3.17. =
The scan highlighted CVE-2023-0464, which has the potential to create a den=
ial-of-service (DoS) attack on affected systems.

I would like to know if there is an estimate of when this vulnerability wil=
l be addressed or any documentation that outlines the time estimates for fi=
xing such issues. Please let me know if there are any actions I can take to=
 help mitigate this risk in the meantime.

Thank you for your prompt attention to this matter.

Best regards,
Haidar

This email is intended only for the person or entity to which it is address=
ed and may contain information that is privileged, confidential or otherwis=
e protected from disclosure. Dissemination, distribution, or copying of thi=
s email or the information herein by anyone other than the intended recipie=
nt, or an employee or agent responsible for delivering the message to the i=
ntended recipient, is prohibited. If you have received this email in error,=
 please notify the sender immediately.

--_000_SN1PR18MB2093CB3A135E5EDA9F61C7EDE1929SN1PR18MB2093namp_
Content-Type: text/html; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
=09{font-family:"Cambria Math";
=09panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
=09{font-family:Calibri;
=09panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
=09{margin:0cm;
=09font-size:11.0pt;
=09font-family:"Calibri",sans-serif;
=09mso-fareast-language:EN-US;}
.MsoChpDefault
=09{mso-style-type:export-only;
=09font-size:10.0pt;}
@page WordSection1
=09{size:612.0pt 792.0pt;
=09margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
=09{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"en-MU" link=3D"#0563C1" vlink=3D"#954F72" style=3D"word-wrap:=
break-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Hello,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU">I am writing to bring to your a=
ttention a security vulnerability that was identified while running Jfrog S=
can on a docker image based on Alpine 3.17. The scan highlighted CVE-2023-0=
464, which has the potential to create
 a denial-of-service (DoS) attack on affected systems.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span lang=3D"en-MU"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU">I would like to know if there i=
s an estimate of when this vulnerability will be addressed or any documenta=
tion that outlines the time estimates for fixing such issues. Please let me=
 know if there are any actions I can
 take to help mitigate this risk in the meantime.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU">Thank you for your prompt atten=
tion to this matter.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"en-MU">Best regards,<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span lang=3D"en-MU">Haidar<o:p></o:p></span></p>
</div>
<p style=3D"FONT-SIZE: 8pt; FONT-FAMILY: Arial, Helvetica, sans-serif; COLO=
R: #7f7f7f; MARGIN-TOP: 30pt">
This email is intended only for the person or entity to which it is address=
ed and may contain information that is privileged, confidential or otherwis=
e protected from disclosure. Dissemination, distribution, or copying of thi=
s email or the information herein
 by anyone other than the intended recipient, or an employee or agent respo=
nsible for delivering the message to the intended recipient, is prohibited.=
 If you have received this email in error, please notify the sender immedia=
tely.</p>
</body>
</html>

--_000_SN1PR18MB2093CB3A135E5EDA9F61C7EDE1929SN1PR18MB2093namp_--