~alpine/users

Re: Inquiry Regarding Resolution Timeline for CVE-2022-38725 in "syslog-ng" Package

Details
Message ID
<D52EVQDBDOAU.19UAE4XEVQLUZ@posteo.net>
DKIM signature
missing
Download raw message
> Dear Alpine Security Team,
> Writing to inquire about the status of CVE-2022-38725, which affects the
> "syslog-ng" package in the 3.20-main branch. According to the Alpine
> Security Tracker, this CVE remains unresolved, and we are seeing it
> flagged in the latest images we are using. Could you please provide an
> update on when this vulnerability is expected to be resolved or if there
> are any planned fixes? T

The description of CVE-2022-38725 states that it effects syslog-ng version
3.0 through 3.37 but alpine doesn't ship these versions anymore.

I opened a MR to mark the CVE as fixed: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/73944

> Thank you.
> Best regards,
> Siddharth Srivastava
Reply to thread Export thread (mbox)