<397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
Hi,

You are correct, but we simply need to understand whether it is vulnerable or not. Why does it only appear for these branches and not below?

https://security.alpinelinux.org/vuln/CVE-2022-37434
<1c87df5e-767d-4b8e-a2e2-0e87f38bfee1@regrow.earth>
<397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
17 Oct 2023 10:09:26 Dor Hayun <dor.hayun@whitesourcesoftware.com>:
> Hi,
>
> You are correct, but we simply need to understand whether it is
> vulnerable or not. Why does it only appear for these branches and not
> below?
>
> https://security.alpinelinux.org/vuln/CVE-2022-37434

Hi Dor,

this is probably because releases are supported for 2 years and 3.13 was still supported at the time of this vulnerability, while 3.8 has not been supported since 2020-05-01.

Best,
Edin
<20231017104905.698b113c@ncopa-desktop.lan>
<397D6EEF-DFC6-4982-9C1B-1C965E822CD5@whitesourcesoftware.com>
On Tue, 17 Oct 2023 11:08:35 +0300 Dor Hayun <dor.hayun@whitesourcesoftware.com> wrote:
> Hi,
>
> You are correct, but we simply need to understand whether it is
> vulnerable or not. Why does it only appear for these branches and not
> below?
>
> https://security.alpinelinux.org/vuln/CVE-2022-37434

Because at the time the secfixes-tracker was written (initial commit is March 2021)[1], Alpine 3.8 was already out of support[2] (EOL was 2020-05-01).

I suppose nobody cared enough to import historical data for releases that were already out of support.

[1]: https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/commit/1fd953e3c1e9c0d9334ebfc5210e180b840ad5ba
[2]: https://alpinelinux.org/releases/