
Re: [alpine-user] apk MITM bug

Daniel Isaksen <d@duniel.no>
Message ID: <CAFWK1CB7mp=gWGaTpv3TJunGSgOKCKKVLUbc5k9dbKodJyv1kg@mail.gmail.com>
Sender timestamp: 1537021786
DKIM signature: missing

A CVE is pending for this.

Also see:
https://alpinelinux.org/posts/Alpine-3.8.1-released.html
https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1

-----
Sincerely / Med vennlig hilsen,
Daniel Isaksen <d@duniel.no> (https://duniel.no)

On Sat, Sep 15, 2018 at 4:01 PM, Fabio Martins <fm+alpine+user+list@phosphorusnetworks.com> wrote:

>
> Just read:
>
> https://www.theregister.co.uk/2018/09/15/alpine_linux_bug/
>
> ..."The vulnerability lies in the way apk unpacks archives and deals with
> suspicious code. Justicz found that if the malware could be hidden within
> the package's commit_hooks directory, it would escape the cleanup and
> could then be executed as normal."
>
> Didn't find anything here:
>
> https://bugs.alpinelinux.org/projects/alpine/issues
>
> Am I missing something?
>
> cheers.
>
> --
> Fabio Martins
> PHOSPHORUS NETWORKS
> https://phosphorusnetworks.com/en/