Received: from out-171.mta0.migadu.com (out-171.mta0.migadu.com [IPv6:2001:41d0:1004:224b::ab])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id BEA0C21FFF8
	for <~alpine/users@lists.alpinelinux.org>; Mon, 17 Jun 2024 10:59:40 +0000 (UTC)
X-Envelope-To: siddharth.s.srivastava@oracle.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=selfisekai.rocks;
	s=key1; t=1718621977;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:autocrypt:autocrypt;
	bh=DvvV8lKNLyJ5/K43Vu6nINa2JsMZL6AmJxhqfwDjc14=;
	b=Twk/ZO/2PeC01q6qCUHfuDpNSVH80cjydt9Yz0S80/pcMvwiKZ0p0hbPjvRclHj35UFpTd
	VknNH9DRKGCp55j0rxtgHMSuDlAAGI5QXVaholewiocBNu88Lj8Hqn1m9MWr2+OaemkhiA
	G28eI8KeV/9mwFLV1wcFgBsoPmfDBj4YoeCp8NMJhhpofqZJxK7vdlEGbBdbmfphWO6/nw
	pFSZidq7CiMXueliYFg8nAQp3nIPnAJjREfcP8IcITotTjBNEMV7r0Ht5ynZQ1y5nqxd0W
	Y0fdD8gthfKTiic4CGQrHS9duD9xbZ00rGH9JU1CBLvB/sy49s1+L4J/fLkn2Q==
X-Envelope-To: ~alpine/users@lists.alpinelinux.org
Message-ID: <f5736405-13c1-4bf3-b356-521aa2168fbd@selfisekai.rocks>
Date: Mon, 17 Jun 2024 12:59:35 +0200
MIME-Version: 1.0
Subject: Re: Inquiry regarding CVE-2023-42366 in Alpine Linux 3.19.1
To: Siddharth Srivastava <siddharth.s.srivastava@oracle.com>,
 "~alpine/users@lists.alpinelinux.org" <~alpine/users@lists.alpinelinux.org>
References: <DS0PR10MB614999084F60AE9640488E93A3CD2@DS0PR10MB6149.namprd10.prod.outlook.com>
Content-Language: en-US
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From: "lauren n. liberda" <lauren@selfisekai.rocks>
Autocrypt: addr=lauren@selfisekai.rocks; keydata=
 xjMEZds86BYJKwYBBAHaRw8BAQdAXg2C2CwsO1IHJM0JbZFSsj0Qsaqy5KHVeq7Dwj+WmHPN
 QmxhdXJlbiBuLiBsaWJlcmRhIChwb3N0IDIwMjQtMDItMTUgcmFpZCkgPGxhdXJlbkBzZWxm
 aXNla2FpLnJvY2tzPsKZBBMWCgBBFiEExNpmCD+2mk1lqoAGFhPdMv4ow+oFAmXbPOgCGwMF
 CQWjmoAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQFhPdMv4ow+ospgEA/zaaNnPE
 xGRowVjOyVCokA73LOCofGY/Ny4BF2QhWy8BAPfF/V55hT5IippOI56fxK+U0AOYMAfpcr/K
 xgePwQsAzjgEZds86BIKKwYBBAGXVQEFAQEHQD1inUwS+R0L22otAzbE10kLj8RIRZqPLIDW
 ifHz0V5dAwEIB8J+BBgWCgAmFiEExNpmCD+2mk1lqoAGFhPdMv4ow+oFAmXbPOgCGwwFCQWj
 moAACgkQFhPdMv4ow+qWSQD+MsP5I2Xjw0WKNj2Rps6YHhDKlKPbPCJYrcRWlfLEXAABAIWW
 q4f0t1R5GUrsPFgQsKbiwu0M6JSNpevDBlIa1UUN
In-Reply-To: <DS0PR10MB614999084F60AE9640488E93A3CD2@DS0PR10MB6149.namprd10.prod.outlook.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT

hi,


as usually this information is available on our security dashboard here: 
https://security.alpinelinux.org/vuln/CVE-2023-42366


On 6/17/24 08:47, Siddharth Srivastava wrote:
> Dear Alpine Linux Team,
>
> I am writing to inquire about the status of CVE-2023-42366 in Alpine 
> Linux 3.19.1.
>
> I understand that Alpine Linux 3.19.1 is a maintenance release that 
> includes various bug fixes and security updates, including security 
> fixes for OpenSSL. However, the release notes do not explicitly 
> mention CVE-2023-42366, which is related to BusyBox 1.36.1.
>
> Could you please confirm whether CVE-2023-42366 has been addressed in 
> Alpine Linux 3.19.1? If not, could you provide an estimated timeline 
> for when this vulnerability might be fixed in a future release?
>
> Thank you for your time and assistance.
>
> Sincerely,
> Siddharth

-- 
lauren n. liberda
it/she, het/zij, to [coś]/ona
https://liberda.nl/