Received: from griffin.geeknet.cz (griffin.geeknet.cz [94.142.237.48]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 4E66678108C for <~alpine/users@lists.alpinelinux.org>; Tue, 25 Jan 2022 14:24:21 +0000 (UTC) Received: by griffin.geeknet.cz (OpenSMTPD) with ESMTP id 62d2e102; Tue, 25 Jan 2022 15:24:20 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=jirutka.cz; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type; s=mail; bh=3RlYudRu8ZDDl7nO82vkwxR7pZ4=; b=nkB2La d53sV2n1o6kf42M6lI36Jg7b8de34oI2MLzyyMYA9G6VaBzz8Wg8cTDwoQqV9j0B HFydKsYF2lYr3B7bVrzj8b1AXjDXJI7roqEXvGVM6BJN0y/21+BN4V6VtILGJCKX GGGryPT597BNNhHsfaq7Sek2L4ghHh9VHJiq0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=jirutka.cz; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type; q=dns; s=mail; b=ZjFigekXDpGHRChrmvKROkBlfguzid4T 8TbnWbkzZpUlBccMl1anmJC0Y8YEHNC8Iids8rlD5Qa9CSktjH7pKtebPpzeT1Yw npO2ohg4jvu9g8zHQ1AxEGXdoBJurgGz5QEpcDcEKrZ+YAtwYsR/tEcjHyVBU09B +0Q57OQmXgU= Received: by griffin.geeknet.cz (OpenSMTPD) with ESMTPSA id 8a022b0a (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 25 Jan 2022 15:24:20 +0100 (CET) Subject: Re: Alpine Linux affected by CVE-2022-0185? To: Markus Kolb , ~alpine/users@lists.alpinelinux.org, Paul References: From: Jakub Jirutka Openpgp: preference=signencrypt Autocrypt: addr=jakub@jirutka.cz; keydata= mDMEXTx3jBYJKwYBBAHaRw8BAQdAyJmVgj7DHR6w2TLD0/37Es0RePi5EzT/7r8AHyTmXhK0 IEpha3ViIEppcnV0a2EgPGpha3ViQGppcnV0a2EuY3o+iJgEExYJAEACGwEECwkKBAUVCgkI AwUWAgMBAAIeAQIXgAIZARYhBNeFiRJmnTog9PRr0vlb1nkQTTEVBQJhED+SBQkJd2KGAAoJ EPlb1nkQTTEV0ZMBAJdqXstUoAqJGTAJm4lA74Cy7EYNJFNLL144GqeYaH+jAPsG0q/Y5eYt w2Ki0a3CC2VR+IQfC35/qajyDunYM1XCAbQkSmFrdWIgSmlydXRrYSA8amlydXRqYWtAZml0 LmN2dXQuY3o+iJUEExYJAD0CGwEECwkKBAUVCgkIAwUWAgMBAAIeAQIXgBYhBNeFiRJmnTog 9PRr0vlb1nkQTTEVBQJhED+SBQkJd2KGAAoJEPlb1nkQTTEVtEgBALqAMdtyiAQ6fhfIgm4a q3/eHPCjbQ4IJGZEqGJv0Y9FAP4leBvyDRMzjuZ0UFxgA6Jhe2KZ11+il7eDE/hSrGeaDrQp SmFrdWIgSmlydXRrYSA8amFrdWIuamlydXRrYUBkYXRhbW9sZS5jej6IeAQwFgkAIBYhBNeF iRJmnTog9PRr0vlb1nkQTTEVBQJhEECZAh0gAAoJEPlb1nkQTTEVKTQA/Rt1llQafW66lmq6 M8T4o5W+D3yMSzjsVFfPQamQr4+RAQD/yCWPty9xq+pUqLa+f82uo4stntL89nFvF8mH6nr2 B7QpSmFrdWIgSmlydXRrYSA8amFrdWIuamlydXRrYUBmaXQuY3Z1dC5jej6IlgQTFgkAPhYh BNeFiRJmnTog9PRr0vlb1nkQTTEVBQJhEECDAhsBBQkJd2KGBQsJCAoHBRUJCgsIBRYCAwEA Ah4BAheAAAoJEPlb1nkQTTEVoBoA/itzK17bT+dAvAKkKzCPF6EfE9++FpgLk8JnvWD6jl+F AP4vjp05WsdPat7qZJtXFvkHDESI55LJvRMyMurEO/ULDrkBjQRdPHe4AQwAyNlnBplbnolj R1Qoam3Qwy/wC6GdQCGuA6nEUIVdtp9dfMC0Yz8zQFkjF/EA0p4hE+BkrxTyo19GayzwSlFr VVZwrkgFMpZ9LZs2Q6XAvmzsigznUF+1TfA3xj/YsXtp7gKUbKSDcYm24bAkSlfmkrcB7F0m J32rLxL7IPvPQ+iI8fjjlGogO8KOtRepTCpcnTJjtvoGcsnFVLkXyIQEQr/xe1MGNkr2TGaE UeEC3NW/9JRBwE3SW8lQ2U8MhBWpCflLv9h6uM3DatLhVAERuKvkzQmlW0FKX5P9Zw0huQoP 4wps3KlteEjmfpIqnWVED42FDsCUucxLk1z6E+nc3ZmgesCiP/yjl/YdU806mjf5EwZ4sYtI RxB3xTnDor8YomH/epLLv/vDdmDtOQq0vmFzDbiazvGVGmVWSPMo4YnhbfEXRAS/pBxGTQz0 or/0iWdvprc78oDco4qZpkcO2q9vpIsmG2bwCqG3+v9+GLI4lNE0nHQXfhMWwS0jltW/ABEB AAGIfgQYFgoAJhYhBNeFiRJmnTog9PRr0vlb1nkQTTEVBQJdPHe4AhsMBQkDwmcAAAoJEPlb 1nkQTTEVYs4BALS0QAnLDKT4+QmyGr9ZPsE0SZgQ+ik8AjCmtUSORRCTAP0VSVe0lnWwwY10 4PR9A+ZbADiYn3+z6/0OnEkocuiFBYh+BBgWCQAmAhsMFiEE14WJEmadOiD09GvS+VvWeRBN MRUFAmEQPaUFCQl3YG0ACgkQ+VvWeRBNMRUIxwD/UcIapa7c5lFk2Tg/q+XlZH/5pKU/uOGj VxzHvs+8naMBAPo8LZT02iL6uTkecw1rk0Jc98MEDl0wfWCTtj6KDlQAuQGNBF08d90BDAC5 ixk/+Ll/TnEIy2qvTWkDIsWXpWm8MMtG8j7LdLv/53sQ79YAcycyoKSfSM2vetiW+h1GQx/S 3YfRBq8kRbWeiUQbo5gMabnkRLTqIn+m53rxExgvmAyNvAdgDakbay0NX43mO1xcLH7OsCz8 KSElnkzjSORawov56XdwBm4ojHYJcodXSmEz7qJ886HUorzgWES1kQ4GgOuwLODs2cHgzx6g hCdPTZtCDVfgg70U5e0rFMBxvwiN9nx6RlOCqxePgL1TsrsBv4XfCptDPvtLOp5kI1NU6ATR zzcWxOEGz+3D1N5T3z8mvWHp6c1+Iqi3ipsu/U0lCLwhSWdIgU187VApBMEfC/XR6dKfJuqV dHljZL28JFqkwootsnpAZTm9uUIBUJQ0p+KMmQloPUXGENDzO4yjDeMwPMLsYUH2I4V7Uqio ex8KnSExisXAgN3Wnz+Ci1yzkSGgFJTN5gV8QU00ox2aNwjatr/ftGXGixx654Q+vpPBQjBU 0B4Va9MAEQEAAYkCNAQYFgoAJhYhBNeFiRJmnTog9PRr0vlb1nkQTTEVBQJdPHfdAhsCBQkD wmcAAcAJEPlb1nkQTTEVwPQgBBkBCgAdFiEEv7UV5T50WUImhovnefKZsENajiMFAl08d90A CgkQefKZsENajiPD8wv/RS7+f8XXQQXh/raTSyRTrJzrpoP7fmq82hrVjMIW/BvRn04mMrb8 SCun7rXR0CdSpCkgtVi0ZSQjJIYg8DRT2T+R1lUgPoeTJQyH6zZFHO1RQpjVuBQEJ/uDnWdJ RCI1tO7qNSJaNsoaN8QXYO5hdmEV/ZKYNJBUuJ+tVZPD9ysa+E5lJm2DkHqwje0HGsf32Jig /8O34fGhNfUSRLqLEhlt4jj9J+SHmrXi+vXPthdyWY2p78JpKMwG4sFrvWmDufwEs5vEtxqV ZPpJn1IuQbAZTujhmIZg9Dn8AmBy/oSKT15kZ2OIxP9qO+BastypuQ043wTtWvawxaYSOAKX HWidzzjL+9GymCygaVOdVwlymrjFBLQtz7TlR0//cbot5tHIIA4wSg2I5ICuZdIBwh7LVbGZ m9R0I81JT2a0dy8VoTho8X6COs+CQQmZA8YIn6d8aKM8ir98Q5MZHQSRsspf8fEVMZAzHDQ0 ghxdUcXJenkhUF38VGHqe9VT68Bw/SEBAPIMnmCGhRSMz8jP7Pxc1dTFFl4ZTic6qH9WDCDK ovwNAQDOY8alqx0Aei84zpCcQ2xlGd66RxbJqsU0/iVfkwb2BIkCNAQYFgkAJgIbAhYhBNeF iRJmnTog9PRr0vlb1nkQTTEVBQJhED2zBQkJd2BIAcDA9CAEGQEKAB0WIQS/tRXlPnRZQiaG i+d58pmwQ1qOIwUCXTx33QAKCRB58pmwQ1qOI8PzC/9FLv5/xddBBeH+tpNLJFOsnOumg/t+ arzaGtWMwhb8G9GfTiYytvxIK6futdHQJ1KkKSC1WLRlJCMkhiDwNFPZP5HWVSA+h5MlDIfr NkUc7VFCmNW4FAQn+4OdZ0lEIjW07uo1Ilo2yho3xBdg7mF2YRX9kpg0kFS4n61Vk8P3Kxr4 TmUmbYOQerCN7Qcax/fYmKD/w7fh8aE19RJEuosSGW3iOP0n5IeateL69c+2F3JZjanvwmko zAbiwWu9aYO5/ASzm8S3GpVk+kmfUi5BsBlO6OGYhmD0OfwCYHL+hIpPXmRnY4jE/2o74Fqy 3Km5DTjfBO1a9rDFphI4ApcdaJ3POMv70bKYLKBpU51XCXKauMUEtC3PtOVHT/9xui3m0cgg DjBKDYjkgK5l0gHCHstVsZmb1HQjzUlPZrR3LxWhOGjxfoI6z4JBCZkDxgifp3xoozyKv3xD kxkdBJGyyl/x8RUxkDMcNDSCHF1Rxcl6eSFQXfxUYep71VPrwHAJEPlb1nkQTTEV7jEBAIuF LjQgBQqXNJ0QEhhLjBgsgmUQZ3WMY6cm+AFqgRuHAP9G+n+JkF+JxDWJLbY3N7B2l6S7BaKW ezza5jqUCp6tCLkBjQRdPHgsAQwApA2i6aZVOa/sOtveGmNStDSylZtXbMfzDEpdg7rwyq6l cGs7D8xEZJrJj0H25zUJzGVDfI3IfnQYNabAlRfseqBS2JJvjOVzy7wFmLKmrOGZ571MURM+ SieTd6DLQb07+46/m65f94ItE9A007j9JqI788JTWwC1gQhrsK6JmhOOOsdvZRcoGFd9ENwa OuXJkMnBFpug3EHmhKEtxFXRx19LjpuREX8930p2+Io9tL4KJV2+r4RJ/C3xUwWG5ErkJwRW Gd5eOYIqHYegll9mxxgcc6+THWwLM2toulU8SWdQ1qNwFcaLAThdR4941/NL0QiOkPf+6SQM oNWmSArhO34wrPkDfMum2U/UB1EFrBB/eNWIuGh9bzDc744zdD7P0ERz8AbzJjE22MHa7yz2 r3Blf442F7Bc9o0AJwYiUUHPoaJd5YTbyvFQchuhGaN1hB4TLH9n3iyuL6iJwE3rvolvcASE L+73qf24PHpXtMX8MhWu9+gVaH68uKtOqIz/ABEBAAGIfgQYFgoAJhYhBNeFiRJmnTog9PRr 0vlb1nkQTTEVBQJdPHgsAhsgBQkDwmcAAAoJEPlb1nkQTTEV260BAItJ2AO0xuE9GsfnJQAw 5+juYsvzDRzeZXW2UdKuq3OAAQDV2X8BFduxeWHsjyAzdVT+icjxJYxUWEYZks1+OxD5Coh+ BBgWCQAmAhsgFiEE14WJEmadOiD09GvS+VvWeRBNMRUFAmEQPbMFCQl3X/kACgkQ+VvWeRBN MRVISAD+IL0KYzpOFdbUHHPbgaWaOdIvifxzbxvTxPkixJBtT34BAJqa5pDudq99qbVueLqj Oi5b1JL0j2noJljRzmNxCS8DuQGLBF08x6kBDADMTgFFkwT2KIWXf+WYH1sQ6hsBLiwwKYjv S/X9gWmIdxA6Kn32ye7ssd/GP4m7GfVgVX2wr5VTNR9K1v+k7R5Cqkk2EbWYekB1TB6B7VZb D20gc4P3qpv0oLQcIVoqWg68dGEGMYYhTaMx5HKKP8QS1HJHRbe9pRsZEdOsijEBlCBYyGe8 IMOMO0SwdaaCPSqhM+ZLFrBpKZbCYMUlQWqsLCENsUx83kaz2oe2h92mpKY9e2G7S6AA0zGy 1RIyc1ti/x3a+PkdYhehTFWyRqIssZrrk6kVSyNg5qGOfphFdsKYC6EK3KU1EVH1SnpiPIC1 kdPiW/PUC0+c/JyklLH5gIniJfafvwiNihX+3HKFNAl/PCWb3GN3/Cy0rhC+h3tkiPMZ3s8D KgDvC5Ntiljueg+B20EYde4nHbmsE6qwk8M9kCh5Ev8/++BMDMZEnNg1qsI1EcolIAN5IUeK OXFrCEBnKmAC0d/JnXmYvB1Wqz5sv9DX30sG9v0IxBMMipcABiOIeAQYFggAIBYhBNeFiRJm nTog9PRr0vlb1nkQTTEVBQJdPMepAhsgAAoJEPlb1nkQTTEVPPgBAOZbf1jNYybRw8QOqjB/ RFnqzmw0xCCqmupdbayyddBYAP0akn7w+b0PRsB5K+jPmOSxF0AwAzs1HujupldHywWUBA== Message-ID: Date: Tue, 25 Jan 2022 15:24:17 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha384; protocol="application/pgp-signature"; boundary="hhAm2o9fckt8X5lRnNWEifdDmjAjkvjqs" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hhAm2o9fckt8X5lRnNWEifdDmjAjkvjqs Content-Type: multipart/mixed; boundary="pkNqP2vyAjzibwlLMfnJaOIFeLkpkWMHj"; protected-headers="v1" From: Jakub Jirutka To: Markus Kolb , ~alpine/users@lists.alpinelinux.org, Paul Message-ID: Subject: Re: Alpine Linux affected by CVE-2022-0185? References: In-Reply-To: --pkNqP2vyAjzibwlLMfnJaOIFeLkpkWMHj Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable > But I've provided some months ago a patch for a security related issue = and never got an answer. Can you please provide a link to your merge request on https://gitlab.alp= inelinux.org that were closed without answer? Thanks, Jakub J. On 1/25/22 2:42 PM, Markus Kolb wrote: > It is kernel 5.15.15 and patched is the vuln in 5.15.16. So yes. > Looks like the maintenance becomes somewhat resource limited. > But I've provided some months ago a patch for a security related issue = and never got an answer. So looks like they don't want to have additional= man power. The issue has been closed some weeks later with providing a n= ew package. So somewhat questioning what is going on. --pkNqP2vyAjzibwlLMfnJaOIFeLkpkWMHj-- --hhAm2o9fckt8X5lRnNWEifdDmjAjkvjqs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAEBCQAdFiEEv7UV5T50WUImhovnefKZsENajiMFAmHwCBEACgkQefKZsENa jiMWxwv+J4OXZHJSvdNBZ5LAlAQp4ico4Tcnfk4iP9FYzx7y8ajbw09QmAIEJDwo O4sWy8FoL41HjMVeToSmsJxJhgGz6XV4c9zutk357BdqkyRa4ZGLvOMKarFlBtOf 7rfoFHZAA79lNEXY/aNB9EK2lpi8ZP1ZgTLuP3bEIYPiPVTBijG4Cxw5IVIkAzkv OrP4p3DoGARMhT7nfY4MU0hu/jSAUiOlMjdOw5SAeoFkJ/TDWeJd3OzG0L2Xo4ze CGs8rH4aDS5dmgGv9LtTUtw54Ztuc2c/rFjX0g0fuz/6qYiJSA1vfD8yyWts8Ob/ Y8faoonGlWARvFaJzV3JeSfIlcXRoLWELtVJutA4aIdEwdGmBJ5Pux6cOLqXUxsY OCtU43AlpC5AcRT6KHIZBVEZ5spPlV3Ci2rsXrDY8ywOvKCtDDgQFqJ8cqdbFLnR ucPacGJaiTfK1C3RzRj9FWVHl8vxRgr3kRDJPlBKp806ZI4GTxJhSNPK6HEHiZ5k UQDlU7W5 =IhAg -----END PGP SIGNATURE----- --hhAm2o9fckt8X5lRnNWEifdDmjAjkvjqs--