I have a Docker image based on Alpine 3.11 with curl and libcurl installed via apk (nginx:1.18.0-alpine).
The versions of curl and libcurl (7.67.0-r0) are affected by CVE-2020-8231 (https://curl.haxx.se/docs/CVE-2020-8231.html).
The vuln-list README says Alpine vulnerabilities are fetched from https://bugs.alpinelinux.org/projects/alpine/issues. This URL redirects to https://gitlab.alpinelinux.org/alpine. In this repository, the APKBUILD file (https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/curl/APKBUILD) includes the above-mentioned CVE:
But in the vuln-list-update source code, the URL that is used to check Alpine vulnerabilities is https://git.alpinelinux.org/aports/ (https://github.com/aquasecurity/vuln-list-update/blob/master/alpine/alpine.go#L22). And in this repository, CVE-2020-8231 is not mentioned in the APKBUILD file.
So I see 2 issues:
1- the vuln-list README does not seem to be aligned with what actually is in the vuln-list-update source code
2- the source for Alpine vulnerabilities used in vuln-list-update does not seem to be updated regularly
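
The discrepancy reported above can be checked mechanically by comparing the `# secfixes:` comment blocks of the same APKBUILD as served by the two sources. The following Go sketch is an added example, not part of the original issue and not vuln-list-update's code; the function names are hypothetical, and the APKBUILD excerpts, version numbers and `CVE-0000-0001` are constructed placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

var cveRe = regexp.MustCompile(`CVE-\d{4}-\d{4,}`)
// Constructed APKBUILD excerpts: versions and CVE-0000-0001 are placeholders.
const freshAPKBUILD = "pkgname=curl\n# secfixes:\n#   1.2.3-r0:\n#     - CVE-2020-8231\n#   1.2.0-r0:\n#     - CVE-0000-0001\nbuild() { :; }\n"
const staleAPKBUILD = "pkgname=curl\n# secfixes:\n#   1.2.0-r0:\n#     - CVE-0000-0001\nbuild() { :; }\n"

// ParseSecfixes maps each CVE in the "# secfixes:" comment block to its fixing version.
func ParseSecfixes(apkbuild string) map[string]string {
	fixes, inBlock, version := map[string]string{}, false, ""
	for _, line := range strings.Split(apkbuild, "\n") {
		trimmed := strings.TrimSpace(line)
		switch {
		case strings.HasPrefix(trimmed, "# secfixes:"):
			inBlock = true
		case !inBlock || !strings.HasPrefix(trimmed, "#"):
			inBlock = false // the block ends at the first non-comment line
		case strings.HasSuffix(trimmed, ":"):
			version = strings.TrimSpace(strings.TrimSuffix(trimmed[1:], ":"))
		default:
			for _, id := range cveRe.FindAllString(trimmed, -1) {
				fixes[id] = version
			}
		}
	}
	return fixes
}

// MissingFrom returns, sorted, the CVEs present in reference but not in candidate.
func MissingFrom(reference, candidate map[string]string) []string {
	out := []string{}
	for id := range reference {
		if _, ok := candidate[id]; !ok {
			out = append(out, id)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(MissingFrom(ParseSecfixes(freshAPKBUILD), ParseSecfixes(staleAPKBUILD)))
}
```

A non-empty result means the second source lacks secfixes entries that the first one records, which is the condition this issue reports for CVE-2020-8231.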