Dear Alpine Linux Team,

I am writing to inquire about the status of CVE-2023-42366 in Alpine Linux 3.19.1.

I understand that Alpine Linux 3.19.1 is a maintenance release that includes various bug fixes and security updates, including security fixes for OpenSSL. However, the release notes do not explicitly mention CVE-2023-42366, which is related to BusyBox 1.36.1.

Could you please confirm whether CVE-2023-42366 has been addressed in Alpine Linux 3.19.1? If not, could you provide an estimated timeline for when this vulnerability might be fixed in a future release?

Thank you for your time and assistance.

Sincerely,
Siddharth Srivastava



CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.