On Thu, 16 Mar 2023 12:12:47 +0100
Christian Dupuis <christian.dupuis@docker.com> wrote:

> Hi,
> 
> is it possible that there*s a typo in the version number '1.9.5p2-r0'
> of *sudo' in CVE-2021-3156? Should the version number be
> '1.9.5_p2-r0* instead?

I agree that it looks like a typo, but I think it is correct.

See:
https://gitlab.alpinelinux.org/alpine/aports/-/commit/7b07d36c9c463eb0692ff58146f01d3dffe8c454

The Alpine Linux project is pleased to announce the immediate
availability of new stable releases:

- [3.14.9](https://git.alpinelinux.org/aports/log/?h=v3.14.9)
- [3.15.7](https://git.alpinelinux.org/aports/log/?h=v3.15.7)
- [3.16.4](https://git.alpinelinux.org/aports/log/?h=v3.16.4)

Those releases include security fixes for openssl:

- [CVE-2022-4203](https://security.alpinelinux.org/vuln/CVE-2022-4203)
- [CVE-2022-4304](https://security.alpinelinux.org/vuln/CVE-2022-4304)
- [CVE-2022-4450](https://security.alpinelinux.org/vuln/CVE-2022-4450)
- [CVE-2023-0215](https://security.alpinelinux.org/vuln/CVE-2023-0215)
- [CVE-2023-0216](https://security.alpinelinux.org/vuln/CVE-2023-0216)

The Alpine Linux project is pleased to announce the immediate
availability of version 3.17.2 of its Alpine Linux operating system.

This release includes various security fixes, including:

- openssl [CVE-2023-0286](https://security.alpinelinux.org/vuln/CVE-2023-0286)
- openssl [CVE-2022-4304](https://security.alpinelinux.org/vuln/CVE-2022-4304)
- openssl [CVE-2022-4203](https://security.alpinelinux.org/vuln/CVE-2022-4203)
- openssl [CVE-2023-0215](https://security.alpinelinux.org/vuln/CVE-2023-0215)
- openssl [CVE-2022-4450](https://security.alpinelinux.org/vuln/CVE-2022-4450)
- openssl [CVE-2023-0216](https://security.alpinelinux.org/vuln/CVE-2023-0216)
- openssl [CVE-2023-0217](https://security.alpinelinux.org/vuln/CVE-2023-0217)
- openssl [CVE-2023-0401](https://security.alpinelinux.org/vuln/CVE-2023-0401)

The Alpine Linux project is pleased to announce the immediate
availability of version 3.17.1 of its Alpine Linux operating system.

This release includes various security fixes, including:

- openssl CVE-2022-3996[1]

The full lists of changes can be found in the git log[2].

[1]: https://security.alpinelinux.org/vuln/CVE-2022-3996
[2]: https://git.alpinelinux.org/aports/log/?h=v3.17.1

Git Shortlog
------------

We are pleased to announce the release of Alpine Linux 3.17.0, the first in
the v3.17 stable series.

Highlights
----------

* bash [5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html)
* GCC [12](https://gcc.gnu.org/gcc-12/changes.html)
* Kea [2.2](https://www.isc.org/blogs/kea-2-2-0/)
* LLVM [15](https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html)
* OpenSSL [3.0](https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/)
* Perl [5.36](https://perldoc.perl.org/perldelta)
* PostgreSQL [15](https://www.postgresql.org/about/news/postgresql-15-released-2526/)
* Node.js (lts) [18.12](https://nodejs.org/en/blog/release/v18.12.0/)

We are pleased to announce the release of Alpine Linux 3.17.0, the first in
the v3.17 stable series.

Highlights
----------

* bash [5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html)
* GCC [12](https://gcc.gnu.org/gcc-12/changes.html)
* Kea [2.2](https://www.isc.org/blogs/kea-2-2-0/)
* LLVM [15](https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html)
* OpenSSL [3.0](https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/)
* Perl [5.36](https://perldoc.perl.org/perldelta)
* PostgreSQL [15](https://www.postgresql.org/about/news/postgresql-15-released-2526/)
* Node.js (lts) [18.12](https://nodejs.org/en/blog/release/v18.12.0/)

Hi,

I have started collect release notes for the 3.17 release.
https://gitlab.alpinelinux.org/alpine/infra/alpine-mksite/-/merge_requests/54

I created also a wiki page for more details if that is needed.
https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.17.0

Please comment on the merge request in gitlab or edit the wiki page if
there is something you think should be mentioned.

Please note that the alpine-mksite mege request can be considered as a
press release. So we need to be careful what we put there so we don't
end up with some weird sounding news headlines.

The Alpine Linux project is pleased to announce the immediate
availability of version 3.16.3 of its Alpine Linux operating system.

This is a bugfix release.

The full lists of changes can be found in the [git log](http://git.alpinelinux.org/aports/log/?h=v3.16.3).

Git Shortlog
------------

6543 (1):
      community/gitea: upgrade to 1.17.3

Andy Postnikov (14):

On Fri, 14 Jan 2022 09:15:26 +0100
"Drew DeVault" <sir@cmpwn.com> wrote:

> All future wiki contributions now use the CC-BY-SA license. However,
> existing contributions cannot be re-licensed without the consent of the
> copyright owner.
> 
> If you consent to having your wiki contributions distributed under the
> terms of CC-BY-SA, please reply to this email with the following
> template:
> 
> I, <your name>, hereby re-license my contributions to the Alpine Linux
> wiki under the username <your wiki username> under the terms of the
> CC-BY-SA license.

Hi!

I will start work on setting up the builders for 3.17 release this
week. This means that significant changes to the toolchain and
bootstrap packages (eg make, binutils, gcc, bison, autoconf, automake,
cmake etc) needs to happen within a few days or they will have to be
postponed to after 3.17 release.

We can also expect a more general feature freeze in aports/main from
next week (17 October) and a feature freeze in aports/community wekk
after that (24 October).

Those are approximate dates and as usual, we do exceptions on case by
case basis after that.