> Dear Alpine Security Team,
> Writing to inquire about the status of CVE-2022-38725, which affects the
> "syslog-ng" package in the 3.20-main branch. According to the Alpine
> Security Tracker, this CVE remains unresolved, and we are seeing it
> flagged in the latest images we are using. Could you please provide an
> update on when this vulnerability is expected to be resolved or if there
> are any planned fixes? T
The description of CVE-2022-38725 states that it effects syslog-ng version
3.0 through 3.37 but alpine doesn't ship these versions anymore.
I opened a MR to mark the CVE as fixed: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/73944
> Thank you.
> Best regards,
> Siddharth Srivastava