Received: from DEU01-BE0-obe.outbound.protection.outlook.com (mail-be0deu01on2059.outbound.protection.outlook.com [40.107.127.59]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 1B22C220296 for <~alpine/users@lists.alpinelinux.org>; Mon, 17 Jun 2024 06:46:42 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RqDonJlM8M8xBCOHQnWz4kNhj3MRPsbMdkgxGumw7H16sRmze35DR9UbIo/XozGR5OKWGfeM8/7v4yikvxEMVibhTWTH0wxTuwZN+ayoVYQRr3MG3MEaPBK/S4msVPLzXT8HzjhFjZ4HSNCuEJ5q+qrtdun8D2qC7bUPZMr42QA2MOseCnUC4PRE531GNcChKDrD2j4YHW2UNW0OAml5t8DZidMEuCMLIkfc7eqIySE/CkeU6N1SMz05/iV/n/zQNRwEyMH+Y6reuoOP/Y483gU0/Qg4GMZ9W0+LwWZjGdii6BFe0c1o3RHXAUwPfhxsZdwEgwafX4kqVQP27C+B7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ci8L96rMB2WkWezlIWfzxUBj5CuTfHUZDr4IeWZiwBM=; b=bE5cDs9QxuPA9bpofJWSGHVW3h/YBy6N7DsZ2TxIAsPSKT2t9riS61BE7HlxjvCEWG0mTRQYIzJwk4/OmYI6gO4SljEmE4lxQRNHBpDVSmldwnTsY1ffzdUDNLw7yFcbp6YBx7JWTruAKocDXRFPgnMHeYiZ5Ue8ao6A/ucFwmVwdSvBDVr0MhTI9SWWKjkacdoG+RRWEhLp/CliMh9/b+TZ4Mt9IWb/7wNvLbmZk/WHvSBmIGqPte3jug4/Q2RN7Lyn9gsTqlgcXbhfnKsIMg7v6cBQ4frgTUUoOokZgUxnIo60UTU1caE7VHJUac/S76h38k+cbA33dUUmTOcstQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cerner.com; dmarc=pass action=none header.from=cerner.com; dkim=pass header.d=cerner.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cerner.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ci8L96rMB2WkWezlIWfzxUBj5CuTfHUZDr4IeWZiwBM=; b=b6klkEV+7Ffgo3F6aR3xt5Dpp8fgEu+qYUf0S7y3jeoY9KWLH9ceq51/BUh53DsQ8/JdL1HNi4pGXAe/7TCL1O7yb9Dx37L6K7SfSXZovaefxmm1K7A8I+1KWMPPgyjCUtwvY+Q5PV9eOFBKVBRxHj1GOS2zY/wcZDPsZfOeqTs8Efk+rLtrG1gPjeYczyHndt6mkfhM2XfdGJRRaedWHh0MVRooY6w/KoOCJvF2Dxuq369KQc7GtL9mNE4oxw9F2rgY1m762D/2GiCF/h/h8HXREnG91NarmwTdtD0hNA+o9xYhLcqid3L30vsfB6+6NlqvstnxcXXNUDZJlKytPg== Received: from BEZP281MB2342.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:45::14) by FR5P281MB4487.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:11a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7677.30; Mon, 17 Jun 2024 06:46:39 +0000 Received: from BEZP281MB2342.DEUP281.PROD.OUTLOOK.COM ([fe80::6113:2627:345a:6e75]) by BEZP281MB2342.DEUP281.PROD.OUTLOOK.COM ([fe80::6113:2627:345a:6e75%6]) with mapi id 15.20.7677.030; Mon, 17 Jun 2024 06:46:38 +0000 From: "Srivastava, Siddharth" To: "~alpine/users@lists.alpinelinux.org" <~alpine/users@lists.alpinelinux.org> Subject: Inquiry regarding CVE-2023-42366 in Alpine Linux 3.19.1 Thread-Topic: Inquiry regarding CVE-2023-42366 in Alpine Linux 3.19.1 Thread-Index: AdrAggXUFPbDSnHjQ+GudUmUtdw9tA== Date: Mon, 17 Jun 2024 06:46:38 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_ActionId=ed868d3f-77b7-4631-8623-28e0ede8aaf6;MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_ContentBits=0;MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_Enabled=true;MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_Method=Standard;MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_Name=b1851626-05c4-426e-b768-1c35733f6fea;MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_SetDate=2024-06-17T06:45:55Z;MSIP_Label_b1851626-05c4-426e-b768-1c35733f6fea_SiteId=fbc493a8-0d24-4454-a815-f4ca58e8c09d; authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cerner.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BEZP281MB2342:EE_|FR5P281MB4487:EE_ x-ms-office365-filtering-correlation-id: 5e9bce15-4231-4933-c084-08dc8e993d22 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230037|376011|1800799021|366013|3613699009|38070700015; x-microsoft-antispam-message-info: =?us-ascii?Q?gkSlJjZ61l1JV9A/VzWbZc85z/ECpH366TzV9czkOqEas+Mq2vWsK4g51X1p?= =?us-ascii?Q?qbR33Sk6hcG6mnjUN6NwXxuj2kHcSDTZCoR3JIdGWRdvTXj6ZY16GU68JJgk?= =?us-ascii?Q?65/wVsA1GT9rPZm/8WoC8Xsgn9ci8G0TbRXOJQK0Xn/Uptz/bn56SGThXGCy?= =?us-ascii?Q?HxWJ9H96+/ko/YIGQbgA5stoJjlT/r0R+hYKiySXDbCuQTQZd9bFI8TnwcB4?= =?us-ascii?Q?JnMkxaqxVzL5bBpaHt3xnl2G/3Uzs4Q4ThsoZfM8HyEvTjdp8GizervA/hpy?= =?us-ascii?Q?yBp9MnAq1tlSlM1S/MGunWqldpC5g5Rb4OfEzvGpyA5FMBBpiRJzO+Dd/qi8?= =?us-ascii?Q?5ccTVOss5LNjMAUq3kmOaPPdzc8ilWLoVXJcmk/Bqh++lK8OmtW6/Re7X7BK?= =?us-ascii?Q?EgbkUMeKTgdSbfo4BupYKN+Ujs59Ip/6Iq/ST2jojpDcpKfc4nSw0/CcrCf3?= =?us-ascii?Q?6+hjG5VqzT+aTYFx71jlaDF7m4FYfUzT8zfwQbg1u6ULl9/gfndch/sxySaH?= =?us-ascii?Q?lSdRtmLtwzIvRHauQkpbdUatgNIQ9nAbZaZVp7uNCoPY+TPKrduZverkYabw?= =?us-ascii?Q?qrKVsEKiioAZwn0dJCosQoLgGh/FMrFK6aqfRRW35a5kKFPC9rb1++bqMOPO?= =?us-ascii?Q?QDUWGuU6qYHtLeT3SoR6mmgkJDujr927Rv856EtuqFtmnWb/iT2Lw6n7x81Y?= =?us-ascii?Q?QfjuAbEkBErrcUs1pTv4HOIvlmzkZMJ9162B9JGIiak8NYAkWvaQpEJH5GtM?= =?us-ascii?Q?tT8TeA08/19EsE6e/cf4SfOAonNSyr/TtSbjBfwZSHYV2QBi6kStrijMObLh?= =?us-ascii?Q?PBFVBc8RYHv4p/ULwDGH2WzT8JvDqnpNqDeT+6BmtpFCmygjIVXEMd4jhJRJ?= =?us-ascii?Q?ArT886k8s6qg/JVUZf0RfOAGycrmEe2l9temDVKsxrfowBeOaF+38DMBqTQW?= =?us-ascii?Q?bCDgRxcApCtQTdpC268oad2KcxMyBhNe4/LuNiA+Gs1TmvdFSGtKbMw9o0o5?= =?us-ascii?Q?ZMHuNn/1mf0JPo5ennMsSVbp+9dG82sUUtRCa4WRnPRHnJafAVZ8jzrFz6i+?= =?us-ascii?Q?Bhcw14vLvNg8G758zNeeONDaTz/kG0F5xbYamZOc/bF+R9d48haaTwDuH2kI?= =?us-ascii?Q?ebKqgtud9IzeK+BHwXM6oB6q81AHjbljNwmVO4Xl6DPUQi4D32pHKJABro6t?= =?us-ascii?Q?1DQleyQCLZ8vmB6kf7VaxJbBPC65WU3eW6USi/a1+v+GZikVyuodKoBzpnjN?= =?us-ascii?Q?ClNPbTQAqX9VfDLsptdSrMqT5KRe22VTZ7PK3E5ARqGx3zPu8YN5xRvzSGIT?= =?us-ascii?Q?kKoPEfKerqkiGGIUO5gGBn9x2jOuC0EMu228ynUgp05nr8Q9RTpAIcRu1JlZ?= =?us-ascii?Q?qX9/TYCjaseJbNI5kfIpojFqIebBW8PSJ57CFPpfqaSo7H9d9Q=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2342.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230037)(376011)(1800799021)(366013)(3613699009)(38070700015);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?FxNRodBaoqDX+MXhF4XsO7IPxD9O58z1Xa8q2r5Af3jKL5kscpKLw0clfcK1?= =?us-ascii?Q?AbSwDoXBMsLtOa+ljl5CSg7ow3nI+C1fb7soGUBaR6V0b9RKpNUoz+uTlG6c?= =?us-ascii?Q?Frilj4KSSYh0zbxx9tQ8Ap09I30pJxbmnh/KtAjnjSqWG4INzzFG1Q8dl7G7?= =?us-ascii?Q?LJNyxtNWoLAMWIw+4qqGFyHGSfaj3gfBRNTgkXpk3D5ly18pq7UbSodGhXNl?= =?us-ascii?Q?xtYDCRjU/Zsd6VK5x8aSwFzTcH9wL0crcizqe8SVl5Pxt3+F1vftTX5oEDVD?= =?us-ascii?Q?0S0X9KBjHe5UIFA5qXoVFnfLW308QmxIz9lafTpoR5IsRv+JQmDTM2j/Iv94?= =?us-ascii?Q?HwSpEkuy4WdUGKkF120c3WRcp1/0mEgDYqiWMbCBQaWUntK5084zV0k8YaKg?= =?us-ascii?Q?6ChJ1YGwq/71WQ2lAedjioZ9GatW9ZPXsDIwt/XPegq5F8JQbY5zjdsNN42h?= =?us-ascii?Q?c273t1X9YPxY2w97jkHQo9aAD+u1poU6R0wJ7OdhKxd6zdM/JgN7FJv30PnV?= =?us-ascii?Q?StbLD+4vdcXJaP6CqrBWIa19LYE/10EC84ANOFrpqYreBziu1TZtjxeilZfe?= =?us-ascii?Q?+bTHHH/BXOr2MBInSV1JGVbUOI77BhtxFF1xFMhuhscnjVAcy60ct94SCUB6?= =?us-ascii?Q?OO2EvbBJFgjq0tVKxlF3E1aKciDfe/Rpw0lXNbBS/ugSQePUdzfEN9W+6Yy6?= =?us-ascii?Q?rLr9BzklfzuFOQ4WHFwQ5yC02g5Fin7+yfEHJWEBvIn/Yi3WuLVFB+cq2H4G?= =?us-ascii?Q?/tJ021L/aRhzLSlxKg6DPyGWRlVlDRweXeAVN1mUNPEEky5j3CkAb4QKaMNF?= =?us-ascii?Q?yMLEQw0hcLwIts3L6M/SQ3ZF0wXQEZ3mS+4x+vY0erhW3f1W7oyxGA/6ffO7?= =?us-ascii?Q?74tYbe89jL+vlFfbC+4jtcN2/j7hLXvTduTNIX9q0DhFQ4RYLrymhogtCe13?= =?us-ascii?Q?8/gFIXkY/KeP/Q+6M4xsAIMWKp5TmiXza3y/0Vgz88NElcpfqmHrv0TPK1xy?= =?us-ascii?Q?bXUCUOkCj8plvrqQ3VfVup/C5Bxc2GLC7+su8dkaIN30ODboYO1PJTujyQ2T?= =?us-ascii?Q?jOgn+N3i29KN8aGs5bbW2VV1zDdJPVfDRLbHyyi5b7292NqoCId5ljjHQbDp?= =?us-ascii?Q?gEnawttdSt7JfOlb4ypR+zljmqhQPttwpUSqOp7LnJFaX66V5sYKaFULclBn?= =?us-ascii?Q?rjAMfTROc+WOnsInUOChfE4xTIJf69iW8EXqLTilpXeKHDEvHup2M3I1OLVR?= =?us-ascii?Q?aB/7vaZasUMRfmWqf8DskukBkWKZ8WZY/QLxZBfO58wvtQNBCUe+01iqlv54?= =?us-ascii?Q?1jM2nIN8tmcMEYe8P8DAJrsJ2Liy3kBW/9LGEgAFUVzGgmbQyQoFIiIwy3nZ?= =?us-ascii?Q?7PSm7HvkmA4iHElnmx7RsqwvfZFzIDE31N6pO7fGDz6FiNrs1s5X8q/3DylL?= =?us-ascii?Q?upd0+zN30Y0V/0ejMn20CyR/9nJE/nX0qBYzIiAs1SyToHsdy5P94frQ+4gd?= =?us-ascii?Q?GjpzO/t3PvzPaYGVDbkB5EltdE+zHFU6x1aRwBKxnCiLi8BRGW0fKmx+Zrvi?= =?us-ascii?Q?Z76eDThfu9qrGK5L1W+raW0AcfqyK6fW+AxvI0YW2yQ2btS7y5v+Iorztkg9?= =?us-ascii?Q?OxVouyxAbk4K+nrkwMckFE4=3D?= Content-Type: multipart/alternative; boundary="_000_BEZP281MB2342CC7DE09386D3FDC9C81BD7CD2BEZP281MB2342DEUP_" MIME-Version: 1.0 X-OriginatorOrg: cerner.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2342.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 5e9bce15-4231-4933-c084-08dc8e993d22 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2024 06:46:38.6411 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: fbc493a8-0d24-4454-a815-f4ca58e8c09d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ttoEt4Rb1WA+o0DGgBq5St23IZkRcLUKj7gvqTzSnIGaaGXJ0PEgK0qVDYfDrCL8pN7PJ9mzTvDYNG1rjaUiqw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR5P281MB4487 --_000_BEZP281MB2342CC7DE09386D3FDC9C81BD7CD2BEZP281MB2342DEUP_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Dear Alpine Linux Team, I am writing to inquire about the status of CVE-2023-42366 in Alpine Linux = 3.19.1. I understand that Alpine Linux 3.19.1 is a maintenance release that include= s various bug fixes and security updates, including security fixes for Open= SSL. However, the release notes do not explicitly mention CVE-2023-42366, w= hich is related to BusyBox 1.36.1. Could you please confirm whether CVE-2023-42366 has been addressed in Alpin= e Linux 3.19.1? If not, could you provide an estimated timeline for when th= is vulnerability might be fixed in a future release? Thank you for your time and assistance. Sincerely, Siddharth Srivastava CONFIDENTIALITY NOTICE This message and any included attachments are from C= erner Corporation and are intended only for the addressee. The information = contained in this message is confidential and may constitute inside or non-= public information under international, federal, or state securities laws. = Unauthorized forwarding, printing, copying, distribution, or use of such in= formation is strictly prohibited and may be unlawful. If you are not the ad= dressee, please promptly delete this message and notify the sender of the d= elivery error by e-mail or you may call Cerner's corporate offices in Kansa= s City, Missouri, U.S.A at (+1) (816)221-1024. --_000_BEZP281MB2342CC7DE09386D3FDC9C81BD7CD2BEZP281MB2342DEUP_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

De= ar Alpine Linux Team,

 

I = am writing to inquire about the status of CVE-2023-42366 in Alpine Linux 3.= 19.1.

 

I = understand that Alpine Linux 3.19.1 is a maintenance release that includes = various bug fixes and security updates, including security fixes for OpenSSL. However, the release notes do not ex= plicitly mention CVE-2023-42366, which is related to BusyBox 1.36.1.

 

Co= uld you please confirm whether CVE-2023-42366 has been addressed in Alpine = Linux 3.19.1? If not, could you provide an estimated timeline for when this vulnerability might be fixed in a futu= re release?

 

Th= ank you for your time and assistance.

 

Si= ncerely,
Siddharth Srivastava

 

 

CONFIDENTIALITY NOTICE This message and any included attachments are from = Cerner Corporation and are intended only for the addressee. The information= contained in this message is confidential and may constitute inside or non-public information under international, f= ederal, or state securities laws. Unauthorized forwarding, printing, copyin= g, distribution, or use of such information is strictly prohibited and may = be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of th= e delivery error by e-mail or you may call Cerner's corporate offices in Ka= nsas City, Missouri, U.S.A at (+1) (816)221-1024.

--_000_BEZP281MB2342CC7DE09386D3FDC9C81BD7CD2BEZP281MB2342DEUP_--