Received: from mail.regrow.earth (mail.regrow.earth [62.113.204.201])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 2F3DA225D4C
	for <~alpine/users@lists.alpinelinux.org>; Tue, 17 Oct 2023 08:41:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=regrow.earth;
	s=2021-03-15_regrow.earth; t=1697532058;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Bflr9cR+8zzImdFL9ffszPdDOpuFg35scGSjcZ4n0ao=;
	b=MCwzuKbeCiVBt/xmgb7ZsYFlyS4oh/k7v6s3RzgdQLK3u5/hhJLYlnw8eAyzRhAEPaPpYW
	ho8zS0jZa034flFtYD7z3+TPvQJiM0/2noUKoToz2Kmi0pcwTpgJX11Snr7xa7/wVTdIZ9
	KkdnoSiHYGe7WloBwGnoKRnl2vzDzvagf7jWLK+FjESKkaiA7m2xiUa4XBaV5Me0nWezNJ
	UUS3epCxl5zp15jwQgaqXd9CdzIv63Gi8/EQyjR8e7Wqsm88KtEt9UssexKuLuER1h84W4
	yQuBfOKVcX4fX9YqPZFGrlykeEE77lr6C5UFm7XObfxL6JQCEI8IWnGR7GgE8g==
Received: 
	by mail.regrow.earth (OpenSMTPD) with ESMTPSA id 5b65e094 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
	Tue, 17 Oct 2023 10:40:58 +0200 (CEST)
Date: Tue, 17 Oct 2023 10:40:56 +0200 (GMT+02:00)
From: Unicorn <unicorn@regrow.earth>
To: Dor Hayun <dor.hayun@whitesourcesoftware.com>
Cc: ~alpine/users@lists.alpinelinux.org,
	=?UTF-8?Q?Josef_Vyb=C3=ADhal?= <josef@vybihal.cz>
Message-ID: <1c87df5e-767d-4b8e-a2e2-0e87f38bfee1@regrow.earth>
In-Reply-To: <397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
References: <397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
Subject: Re: Inquiry Regarding Security Status and CVE-2022-37434 for zlib
 in Alpine Linux 3.8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Correlation-ID: <1c87df5e-767d-4b8e-a2e2-0e87f38bfee1@regrow.earth>

17 Oct 2023 10:09:26 Dor Hayun <dor.hayun@whitesourcesoftware.com>:

> Hi,
>
> You are correct, but we simply need to understand whether it is 
> vulnerable or not. Why does it only appear for these branches and not 
> below?
>
> https://security.alpinelinux.org/vuln/CVE-2022-37434
Hi Dor,

this is probably because releases are supported for 2 years and 3.13 was 
still supported at the time of this vulnerability, while 3.8 has not been 
supported since 2020-05-01.

Best,
Edin