From: Jan Kohnert
To: ~alpine/users@lists.alpinelinux.org
Subject: Re: Inquiry Regarding Security Status and CVE-2022-37434 for zlib in Alpine Linux 3.8
Date: Tue, 17 Oct 2023 10:41:46 +0200

Hi,

On Tuesday, 17 October 2023, 10:03:02 CEST, Dor Hayun wrote:
> You are correct, but we simply need to understand whether it is vulnerable
> or not. Why does it only appear for these branches and not below?
As stated, Alpine 3.8 reached end-of-life on May 1st, *2020* [1]; the CVE is from *2022*.

If you're really interested whether the CVE applies for a version having end-of-any-support *two years before the bug was even discovered*, I'm afraid you're on your own or need to pay someone to do the research.

[1] https://endoflife.date/alpine

--
Kind regards,
Jan