Received: from mx1.mailbun.net (mx1.mailbun.net [170.39.20.100]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 31F19781097 for <~alpine/users@lists.alpinelinux.org>; Tue, 25 Jan 2022 20:04:59 +0000 (UTC) Received: from [2607:fb90:d98b:8818:5079:94eb:24d5:e5c3] (unknown [172.58.104.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: ariadne@dereferenced.org) by mx1.mailbun.net (Postfix) with ESMTPSA id 648C611B180; Tue, 25 Jan 2022 20:04:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dereferenced.org; s=mailbun; t=1643141096; bh=PYYN2BEpg5L+XwwVZw2d/jDR+K/vPCFg9qLvPUiiHcs=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=AQIj5MwLZp2MowxWsgGDVimjpZ7STa8w3v81JuQUazxz1wujlJs+LnaXwA7WbmvID 6gNO4f8VHOlGzMxrp/vo9IZTCoaBXWyOl2x2BDFeMT3f848FjMJkPjWNRyn5cGd9vz JXXegqFJoWX5IeOjesfyxMSP8HW69efqOwp9gVippfUeIGqKGzlnNQM32xEXYZQdiY 30cSvA9DhIwnAje4lGr6sYEK8hkaeVGqO0qcOHhCWBqwn6LmaF5xdm/hyoFDaarGaO R+GGZAR2QXLJy5MYJL1siDaCWnpqqML1XnK4CtDht8jKqPCyVBAFaqbNBfUFPLpcWR 1dFZtX6Qtkx9w== Date: Tue, 25 Jan 2022 14:04:48 -0600 (CST) From: Ariadne Conill To: Markus Kolb cc: ~alpine/users@lists.alpinelinux.org, Paul Subject: Re: Alpine Linux affected by CVE-2022-0185? In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Hi, On Tue, 25 Jan 2022, Markus Kolb wrote: > It is kernel 5.15.15 and patched is the vuln in 5.15.16. So yes. > Looks like the maintenance becomes somewhat resource limited. > But I've provided some months ago a patch for a security related issue and never got an answer. So looks like they don't want to have additional man power. The issue has been closed some weeks later > with providing a new package. So somewhat questioning what is going on. Did you ping @team/security in Gitlab? Ariadne