Received: from ncopa-desktop.lan (ti0056a400-0541.bb.online.no [85.166.229.33])
	(Authenticated sender: ncopa@alpinelinux.org)
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPSA id B13C3225D80;
	Tue, 17 Oct 2023 08:49:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alpinelinux.org;
	s=smtp; t=1697532548;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=OdT8wCOvfJVtgLBMdVgsvP+OLlMMcepppxEUBe8FYhE=;
	b=nCAAjJq/oRExzaDjwfGFGmDxakdpyCt0DLcDyE3JRSUOhuWJ4Qa03k5S6JxpEqfexWmhk7
	6pbtvUCfIb4NC76Yo3j7jjdQrgKwmHKzKtKRB9bvgGoaTIigxb5kaZJazdgiBzNLwxg/5j
	s7Qptv5umd/UybmQ32GmXPH+cccwd6Q=
Date: Tue, 17 Oct 2023 10:49:05 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: Dor Hayun <dor.hayun@whitesourcesoftware.com>
Cc: ~alpine/users@lists.alpinelinux.org, Josef =?ISO-8859-1?B?Vnli7WhhbA==?=
 <josef@vybihal.cz>
Subject: Re: Inquiry Regarding Security Status and CVE-2022-37434 for zlib
 in Alpine Linux 3.8
Message-ID: <20231017104905.698b113c@ncopa-desktop.lan>
In-Reply-To: <397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
References: <397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 17 Oct 2023 11:08:35 +0300
Dor Hayun <dor.hayun@whitesourcesoftware.com> wrote:

> Hi,
> 
> You are correct, but we simply need to understand whether it is
> vulnerable or not. Why does it only appear for these branches and not
> below?
> 
> https://security.alpinelinux.org/vuln/CVE-2022-37434

Because at the time the secfixes-tracker was written (initial commit is
March 2021)[1], alpine 3.8 was already out of support[2] (EOL was
2020-05-01).

I suppose nobody cared enough to import historical data for releases
that were already out of support.

[1]: https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/commit/1fd953e3c1e9c0d9334ebfc5210e180b840ad5ba
[2]: https://alpinelinux.org/releases/