From: "Haidar Deenmahomed (Proximity-Paris)"
To: "~alpine/devel@lists.alpinelinux.org" <~alpine/devel@lists.alpinelinux.org>
CC: "Kavish Roseeawon (Proximity-Paris)", "Alex Lacour (Proximity-Paris)", "Bonie Kathiana Coder (Proximity-Paris)", "Akshini Sibartie (Proximity-Paris)"
Subject: RE: [Vulnerability] CVE-2023-0464
Date: Mon, 3 Apr 2023 11:10:50 +0000

Hello,

I am writing to bring to your attention a security vulnerability that was identified while running JFrog Scan on a Docker image based on Alpine 3.17. The scan highlighted CVE-2023-0464, which has the potential to create a denial-of-service (DoS) attack on affected systems.

I would like to know if there is an estimate of when this vulnerability will be addressed or any documentation that outlines the time estimates for fixing such issues. Please let me know if there are any actions I can take to help mitigate this risk in the meantime.

Thank you for your prompt attention to this matter.

Best regards,
Haidar
