X-Original-To: alpine-user@lists.alpinelinux.org Received: from phosphorusnetworks.com (unknown [146.164.3.46]) by lists.alpinelinux.org (Postfix) with ESMTP id 6413F5C630F for ; Sat, 15 Sep 2018 14:01:58 +0000 (GMT) Received: from localhost ([127.0.0.1]) by phosphorusnetworks.com with esmtp (Exim 4.91) (envelope-from ) id 1g1B8S-0006As-MZ for alpine-user@lists.alpinelinux.org; Sat, 15 Sep 2018 11:01:20 -0300 Received: from 127.0.0.1 Sat, 15 Sep 2018 11:01:20 -0300 Message-ID: Date: Sat, 15 Sep 2018 11:01:20 -0300 Subject: [alpine-user] apk MITM bug From: "Fabio Martins" To: alpine-user@lists.alpinelinux.org Reply-To: fm+alpine+user+list@phosphorusnetworks.com User-Agent: mutt X-Mailinglist: alpine-user Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Just read: https://www.theregister.co.uk/2018/09/15/alpine_linux_bug/ ..."The vulnerability lies in the way apk unpacks archives and deals with suspicious code. Justicz found that if the malware could be hidden within the package's commit_hooks directory, it would escape the cleanup and could then be executed as normal." Didn't found nothing here: https://bugs.alpinelinux.org/projects/alpine/issues Am I missing something? cheers. -- Fabio Martins PHOSPHORUS NETWORKS https://phosphorusnetworks.com/en/ --- Unsubscribe: alpine-user+unsubscribe@lists.alpinelinux.org Help: alpine-user+help@lists.alpinelinux.org ---